Error message when you run the Communications Server 2007 Validation Wizard to validate the Web Components Server: "Received a failure HTTP response.: HTTP Response: 401 Unauthorized"

Article translations Article translations
Article ID: 941095 - View products that this article applies to.

Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Expand all | Collapse all

On This Page

Symptoms

In the Microsoft Office Communications Server 2007 Microsoft Management Console (MMC) snap-in, you run the Communications Server 2007 Validation Wizard to validate the Web Components Server. When the validation process is complete, you receive error messages that resemble the following error message:
URL: Check https://PoolFQDN/GroupExpansion/Int/Service.asmx
Received a failure HTTP response.: HTTP Response: 401 Unauthorized

Content-Length:1539
Content-Type:text/html
Server:Microsoft-IIS/6.0
WWW-Authenticate:Negotiate,NTLM
X-Powered-By:ASP.NET
Date:Day, DateTime GMT

URL: https://PoolFQDN/Abs/Int/Handler/FileName.lsabs
Received a failure HTTP response.: HTTP Response: 401 Unauthorized

Content-Length:1539
Content-Type:text/html
Server:Microsoft-IIS/6.0
WWW-Authenticate:Negotiate,NTLM
X-Powered-By:ASP.NET
Date:Day, DateTime GMT
Note In this error message, PoolFQDN represents the fully qualified domain name (FQDN) of the enterprise pool.

This behavior occurs if the following conditions are true:
  • You have a server that is running Windows Server 2003 Service Pack 1 (SP1).
  • On the Validation steps page of the Validation Wizard, you click to select the Validate Local Server Configuration check box and the Validate Connectivity check box.

Cause

This behavior occurs because the Validation Wizard uses the FQDN of the Communications Server 2007 enterprise pool to access the Group Expansion virtual server and the Address Book Server (ABS) virtual server.

Note The Group Expansion virtual server and the ABS virtual server are on the Communications Server 2007 server that is hosting the Web Components Server.

Windows Server 2003 SP1 includes a loopback check security feature. This feature prevents reflection attacks on your computer. Therefore, if the FQDN or the custom host header does not match the local computer name, authentication fails.

Note Windows XP Service Pack 2 (SP2) also includes the loopback check security feature.

Workaround

To work around this behavior, use one of the following methods.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Method 1: Add the host names of the Group Expansion virtual server and of the ABS virtual server to the registry

To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click the MSV1_0 registry subkey, point to New, and then click Multi-String Value.
  4. Type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the host names of the Group Expansion virtual server and of the ABS virtual server, and then click OK.

    Note Make sure that you type each host name on a separate line.
  7. Exit Registry Editor, and then restart the IISAdmin service.

Method 2: Disable the loopback check security feature

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Note If you do not want to disable the loopback check security feature, use Method 1.

To have us disable loopback check security for you, go to the "Fix it for me" section. If you would rather disable loopback check security yourself, go to the "Let me fix it myself" section.

Fix it for me


To disable loopback check security automatically, click the Fix this problem link. Then click Run in the File Download dialog box, and follow the steps in this wizard.

Collapse this imageExpand this image
assets fixit1
Fix this problem
Microsoft Fix it 50306
Collapse this imageExpand this image
assets fixit2

Note This wizard may be in English only; however, the automatic fix also works for other language versions of Windows.

Note If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.

Let me fix it myself


To fix this problem yourself, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click the Lsa registry subkey, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor, and then restart the computer.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

After you install security update 957097, applications such as SQL Server or Internet Information Services (IIS) may fail when making local NTLM authentication requests. For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base:
957097 MS08-068: Vulnerability in SMB could allow remote code execution

See the "Known issues with this security update" section of Microsoft Knowledge Base article 957097 for details about how to resolve the issue.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

More information

The error messages that are mentioned in the "Symptoms" section indicate that the Validation Wizard cannot validate the Group Expansion virtual server and the ABS virtual server. However, when this behavior occurs, you can successfully access the Group Expansion virtual server and the ABS virtual server.

To access the Group Expansion virtual server, enter the following URL in the address bar of a local Web browser on the Communications Server 2007 server:
https://localhost/GroupExpansion/Int/Service.asmx
To access the ABS virtual server, enter the following URL in the address bar of a local Web browser on the Communications Server 2007 server:
https://localhost/Abs/Int/Handler/FileName.lsabs
For more information about error 401.1, click the following article number to view the article in the Microsoft Knowledge Base:
896861 You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

Properties

Article ID: 941095 - Last Review: September 4, 2013 - Revision: 6.0
Applies to
  • Microsoft Office Communications Server 2007 Enterprise Edition, when used with:
    • Microsoft Windows Server 2003 Service Pack 1
Keywords: 
kbmsifixme kbfixme kbexpertiseadvanced kbtshoot kbprb KB941095

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com