Home > Hardware and Software, Microsoft, Windows Server > Testing/Profiling From the Web Server

Testing/Profiling From the Web Server

October 7, 2008

Running ANTS Profiler or gathering other information is fine and good against the local IIS on my workstation; however, sometimes it’s good to see how things perform on server-class systems.  Our development/testing servers are, in many cases, nearly identical to our production servers to provide the most accurate baselines possible. 

For the past few weeks, I’ve wanted to run performance profiling locally on the development server; however, I could never get single sign-on authentication to work.  The domain authentication box would popup, not accept the password, and throw an HTTP 401.1 denied message.

Until recently, I simply shrugged it off as something I’ve dinked with and broke on the server—and it probably needed reimaged.  A bit of Googling pointing out that, as with most things, this “behavior is by design” in Server 2003 SP1 and higher.

From KB 896861:

This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Yep, that’s me—we use host headers for most of our sites, e.g. app1.domain.local.

The KB article lists two “work arounds”:

  • Disable the loopback check
  • Specify host names

I tried the second option first; however, I couldn’t get it to accept more than three names and didn’t like having to modify the registry (even on a development server) every time we rolled a new app to it to test.

The second option to simply disable the check did work; however, is not something I’d roll out to a non-development box (our dev servers are on a separate IP network and are pretty much hidden from everything else outside this building).
Method 1: Disable the loopback check
Follow these steps:
 
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
 
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.
 
%d bloggers like this: