Sunday, August 10, 2008

Windows Server 2003 SP1 May Cause Problems To SharePoint

Today is a very happy to me. I spent so long time, and at last solved several problems.

Q1. If I put abc.htm into some folder, then I can use IE to access it, but if I put abc.asp in, IE will always complain 404 error.
A1. It's because you need to set "Allow ASP" in the "Web Service Extensions" in IIS admin tool. By default it is turned off by SharePoint.

Q2. I put an asp page in folder, but when trying to get Request.Form, it always returns empty.
A2. It's because when you enable "Anonymous Access" in IIS, you MUST also enable "Windows Integrated Authentication", otherwise your ASP can not get form content.

Q3. This is the very hard part. After install SharePoint (WSS3), I can access http://servername on server IE, but when I access http://www.servername.com, it will ask me for password, and after enter 3 times of correct password, it will fail. But on client side, it works. Also, the reporting services in SharePoint admin behavior very strange, it can be worked on http://servername, but refuse on servername.com, also in server site collection it always cause error. And all of my previous working web services now all report "Authenticaiton fail".
A3. I tried many ways and searched for long time, and at last I searched this string in Google: ""An error occurred during logon" 537 NT AUTHORITY\SYSTEM 0xC000006D" because I found everytime I logon fail, it will show an event in Eventlog include above string. By searching that string, I found a page in Google: http://www.developmentnow.com/g/91_2005_7_0_0_560780/IIS6-NT-Authentication-fails.htm, it indirect me to here: http://support.microsoft.com/?id=896861, it says the cause is you installed Windows Server 2003 SP1:

This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

And the solution is:

Method 1: Disable the loopback check

Follow these steps:
1.Click Start, click Run, type regedit, and then click OK.
2.In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.Right-click Lsa, point to New, and then click DWORD Value.
4.Type DisableLoopbackCheck, and then press ENTER.
5.Right-click DisableLoopbackCheck, and then click Modify.
6.In the Value data box, type 1, and then click OK.
7.Quit Registry Editor, and then restart your computer.

By following that, after restart server, seems everything works ok! I must remember this in case in future I meet same error, and it may help you too.

Search

Google