Problem with NTLM Authentication with IE8 on Windows Server 2008

After I installed a Sharepoint (WSS 3.0) test environment and created a new Site Collection, I tried to logon on to a new Site Collection. But the login didn’t work. It looks like a problem with NTLM authentication with IE8 on Windows Server 2008. After I spend some hours checking the whole configuration of IIS7 and AD on a Windows Server 2008 I finally found the problem and the solution here:

http://ppalakollu.blogspot.com/2009/04/ie-8-ntlm-authentication-on-windows.html

If you are using host headers to resolve the websites, then you might have seen the following issue with NTLM authenticated sites on IE 8. When you access the websites on a machine other than the one where it is hosted, you will be able to get to the sites.
Once you RDP onto the server and try to connect to the website, it will prompt for your windows credentials and will get an access denied message. This problem occurs because Windows includes a loopback check security feature that helps prevent reflection attacks on your computer(Probably some kind of security change has been made in IE8 related to this feature). Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Resolution: Disable the loopback check

  • Click Start, click Run, type regedit, and then click OK.
  • In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  • Right-click Lsa, point to New, and then click DWORD Value.
  • Type DisableLoopbackCheck, and then press ENTER.
  • Right-click DisableLoopbackCheck, and then click Modify.
  • In the Value data box, type 1, and then click OK.
  • Quit Registry Editor, and then restart your computer.
I did not try the registry modification, I just installed Mozilla Firefox and it worked without any problems.I really hate to install software like these on a server, but I also hate to do registry “hacks” as well.