Qlik Community

Ask a Question

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
Talk to Experts Tuesday: Live chat Aug. 24th 10 AM ET: Bring your Qlik Gold Client questions REGISTER TODAY

Authentication fails repeatedly when using external DNS alias locally on the server

Bastien_Laugiero

Authentication fails repeatedly when using external DNS alias locally on the server

When trying to connect to Qlik Sense Hub/QMC or QlikView Access point/QMC using a DNS ALIAS (or CNAME) record you are prompted to authenticate. 

After validating your credentials, it doesn't work and you are prompted again until the page goes completely blank. 


In the Windows System Event logs you will see this message: 

Event 6037 LsaSrv :
The program xxx, with the assigned process ID xxx, could not authenticate locally by using the target name HOST/.. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
 Try a different target name.


Connecting to Qlik Sense/QlikView outside the QlikSense Server works.
Connecting from Qlik Sense/QlikView Server using the server name or the IP address in the URL works.

For this issue with Qlik Sense you may also have the below Audit_Proxy warning:

4783    20200414T025339.978+0200    WARN    SERVERNAME    Audit.Proxy.Proxy.Core.Connection.Validation.ConnectionDataValidator    27    03f227fe-53e8-478f-857c-8099358a7963    DOMAIN\QLIKSENSEACCOUNT   Http request Host is not allowed: 79.137.105.56.    0    18716f09-d684-48fc-bf1b-feb97f63e430                ::ffff:193.118.52.26                0024ddbcac7413c72adefc2ff4ce78e0f91eae88


Environment:

QlikView Server, any version
Qlik Sense Enterprise, any version
Qlik NPrinting, any version 
 

Resolution

 

Option 1: Disable the loopback check (not recommended)

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Lanmanserver\parameters
  3. Right-click parameters, point to New, and then click DWORD Value.
  4. Type DisableStrictNameChecking, and then press ENTER.
  5. Right-click DisableStrictNameChecking, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  8. Right-click Lsa, point to New, and then click DWORD Value.
  9. Type DisableLoopbackCheck, and then press ENTER.
  10. Right-click DisableLoopbackCheck, and then click Modify.
  11. In the Value data box, type 1, and then click OK.
  12. Quit Registry Editor, and then restart your computer.

Option 2: Specify host names (more secure)

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Lanmanserver\parameters
  3. Right-click parameters, point to New, and then click DWORD Value.
  4. Type DisableStrictNameChecking, and then press ENTER.
  5. Right-click DisableStrictNameChecking, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  8. Right-click MSV1_0, point to New, and then click Multi-String Value.
  9. Type BackConnectionHostNames, and then press ENTER.
  10. Right-click BackConnectionHostNames, and then click Modify.
  11. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  12. Quit Registry Editor, and then restart your computer

Microsoft references sites:
https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locall...
https://support.microsoft.com/sv-se/kb/896861
https://social.technet.microsoft.com/Forums/systemcenter/en-US/05cedf19-cd02-4c26-9651-4b5d5f46d58b/...
 
 

Cause

This problem occurs because of a Microsoft Security setting called loopback check that is designed to help prevent reflection attacks on your computer. 
Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
 
Labels (1)
Version history
Revision #:
3 of 3
Last update:
‎2020-10-28 11:23 AM
Updated by:
 
Contributors