Infinite authentication prompts issue when launching SharePoint 2013 on local machine
After setting up an on-premises SharePoint 2013 environment, an isolated application domain must be configured to install and run a SharePoint 2013 App. Of course, the application domain has to be added to the bypass list and the trusted sites list to avoid authentication prompts.
If you are presented with infinite authentication prompts despite the right configuration and the right credentials, you may have to disable the loopback check. The problem occurs only when trying to launch the app from the server itself, usually a development VM. The app can be launched from a browser on a client machine without any issue.
What is Loopback Check?
The loopback check security feature blocks reflection attacks on the server by comparing the address it is trying to access with the local server name. If both addresses are the same, it is a loopback and the authentication fails. This check prevents running a fake version of a web site and redirecting incoming requests to itself. Loopback doesn’t occur if an FQDN (Fully Qualified Domain Name) or host header isn’t used. However, for apps, the configured isolated application domain must be an FQDN.
The loopback check shouldn’t be disabled in a production environment or on a public-facing site, as doing so makes the server vulnerable to reflection attacks.
Disabling Loopback Check:
1. Back up the registry of the target machine.
2. Open the registry editor (by typing regedit.exe or regedt32.exe in Start->Search programs and files).
3. Add the DWORD registry value DisableStrictNameChecking at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters and set it to 1 with base type Decimal.
4. Add the DWORD registry value DisableLoopbackCheck at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and set it to 1 with base type Decimal.
5. Close the registry editor. Restart the machine.
6. Deploy the app again.
7. Launch the app locally.
You can also modify the registry values by using PowerShell (run from an elevated session):
New-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value 1 -PropertyType DWord
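The following script is an added example, not part of the original post. It covers steps 1 to 5 for both registry values, reports their current state (useful for confirming that a production server does not carry the setting), and can revert the change. The function names and the backup directory are assumptions chosen for illustration.

```powershell
# Added example: audit, apply and revert the two values named in the steps above.
# Development VM only; run from an elevated PowerShell session.
$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'DisableStrictNameChecking' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'DisableLoopbackCheck' }
)

function Get-LoopbackCheckState {
    # Value is $null when the registry value does not exist (the secure default).
    foreach ($s in $settings) {
        $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name  = $s.Name
            Value = if ($item) { $item.($s.Name) } else { $null }
            Path  = $s.Path
        }
    }
}

function Set-LoopbackCheckDisabled {
    param([string]$BackupDir = "$env:TEMP\loopback-backup")  # hypothetical location
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($s in $settings) {
        # Step 1: export the key before changing it.
        $regKey = $s.Path -replace '^HKLM:\\', 'HKLM\'
        reg.exe export $regKey (Join-Path $BackupDir "$($s.Name).reg") /y | Out-Null
        # Steps 3 and 4: create or overwrite the DWORD with value 1.
        New-ItemProperty -Path $s.Path -Name $s.Name -Value 1 -PropertyType DWord -Force | Out-Null
    }
    Write-Warning 'Restart the machine for the change to take effect.'
}

function Restore-LoopbackCheck {
    # Removes both values so the default checks apply again after a restart.
    foreach ($s in $settings) {
        Remove-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    }
}

Get-LoopbackCheckState | Format-Table -AutoSize
# Set-LoopbackCheckDisabled   # uncomment on a development VM
# Restore-LoopbackCheck       # uncomment to undo the change
```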
SharePoint 2013 Deployment Error: Failed to Install App for SharePoint
Please make sure your SharePoint environment has an isolated application domain configured to run apps. You can verify this by looking for the following errors in the ULS logs:
- Error occurred in deployment step ‘Install App for SharePoint’: Failed to install App for SharePoint.
- Cannot complete this action. Please try again.<nativehr>0x80004005</nativehr><nativestack></nativestack>
- App domain must be configured prior to completing this operation.
Follow instructions to set up application domain here (under section Create an isolated app domain on your development computer)