When trying to connect to Qlik Sense Hub/QMC or QlikView Access point/QMC using a DNS ALIAS (or CNAME) record you are prompted to authenticate.
After validating your credentials, it doesn't work and you are prompted again until the page goes completely blank.
In the Windows System Event logs you will see this message:
Event 6037 LsaSrv :
The program xxx, with the assigned process ID xxx, could not authenticate locally by using the target name HOST/.. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
Try a different target name.
Connecting to Qlik Sense/QlikView outside the QlikSense Server works.
Connecting from Qlik Sense/QlikView Server using the server name or the IP address in the URL works.
For this issue with Qlik Sense you may also have the below Audit_Proxy warning:
4783 20200414T025339.978+0200 WARN SERVERNAME Audit.Proxy.Proxy.Core.Connection.Validation.ConnectionDataValidator 27 03f227fe-53e8-478f-857c-8099358a7963 DOMAIN\QLIKSENSEACCOUNT Http request Host is not allowed: 79.137.105.56. 0 18716f09-d684-48fc-bf1b-feb97f63e430 ::ffff:193.118.52.26 0024ddbcac7413c72adefc2ff4ce78e0f91eae88
Environment:
QlikView Server, any version
Qlik Sense Enterprise, any version
Qlik NPrinting, any version
Resolution
Option 1: Disable the loopback check (not recommended)
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Lanmanserver\parameters
- Right-click parameters, point to New, and then click DWORD Value.
- Type DisableStrictNameChecking, and then press ENTER.
- Right-click DisableStrictNameChecking, and then click Modify.
- In the Value data box, type 1, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart your computer.
Option 2: Specify host names (more secure)
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Lanmanserver\parameters
- Right-click parameters, point to New, and then click DWORD Value.
- Type DisableStrictNameChecking, and then press ENTER.
- Right-click DisableStrictNameChecking, and then click Modify.
- In the Value data box, type 1, and then click OK.
- In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- Quit Registry Editor, and then restart your computer
Microsoft references sites:
https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locall...https://support.microsoft.com/sv-se/kb/896861https://social.technet.microsoft.com/Forums/systemcenter/en-US/05cedf19-cd02-4c26-9651-4b5d5f46d58b/...
Cause
This problem occurs because of a Microsoft Security setting called loopback check that is designed to help prevent reflection attacks on your computer.
Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
