Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!

Authentication fails repeatedly when using external DNS alias locally on the server

100% helpful (2/2)
cancel
Showing results for 
Search instead for 
Did you mean: 
Bastien_Laugiero

Authentication fails repeatedly when using external DNS alias locally on the server

Last Update:

Oct 28, 2020 11:23:51 AM

Updated By:

Sonja_Bauernfeind

Created date:

Oct 25, 2016 9:03:16 AM

When trying to connect to Qlik Sense Hub/QMC or QlikView Access point/QMC using a DNS ALIAS (or CNAME) record you are prompted to authenticate. 

After validating your credentials, it doesn't work and you are prompted again until the page goes completely blank. 


In the Windows System Event logs you will see this message: 

Event 6037 LsaSrv :
The program xxx, with the assigned process ID xxx, could not authenticate locally by using the target name HOST/.. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
 Try a different target name.


Connecting to Qlik Sense/QlikView outside the QlikSense Server works.
Connecting from Qlik Sense/QlikView Server using the server name or the IP address in the URL works.

For this issue with Qlik Sense you may also have the below Audit_Proxy warning:

4783    20200414T025339.978+0200    WARN    SERVERNAME    Audit.Proxy.Proxy.Core.Connection.Validation.ConnectionDataValidator    27    03f227fe-53e8-478f-857c-8099358a7963    DOMAIN\QLIKSENSEACCOUNT   Http request Host is not allowed: 79.137.105.56.    0    18716f09-d684-48fc-bf1b-feb97f63e430                ::ffff:193.118.52.26                0024ddbcac7413c72adefc2ff4ce78e0f91eae88


Environment:

QlikView Server, any version
Qlik Sense Enterprise, any version
Qlik NPrinting, any version 
 

Resolution

 

Option 1: Disable the loopback check (not recommended)

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Lanmanserver\parameters
  3. Right-click parameters, point to New, and then click DWORD Value.
  4. Type DisableStrictNameChecking, and then press ENTER.
  5. Right-click DisableStrictNameChecking, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  8. Right-click Lsa, point to New, and then click DWORD Value.
  9. Type DisableLoopbackCheck, and then press ENTER.
  10. Right-click DisableLoopbackCheck, and then click Modify.
  11. In the Value data box, type 1, and then click OK.
  12. Quit Registry Editor, and then restart your computer.

Option 2: Specify host names (more secure)

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Lanmanserver\parameters
  3. Right-click parameters, point to New, and then click DWORD Value.
  4. Type DisableStrictNameChecking, and then press ENTER.
  5. Right-click DisableStrictNameChecking, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  8. Right-click MSV1_0, point to New, and then click Multi-String Value.
  9. Type BackConnectionHostNames, and then press ENTER.
  10. Right-click BackConnectionHostNames, and then click Modify.
  11. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
  12. Quit Registry Editor, and then restart your computer

Microsoft references sites:
https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locall...
https://support.microsoft.com/sv-se/kb/896861
https://social.technet.microsoft.com/Forums/systemcenter/en-US/05cedf19-cd02-4c26-9651-4b5d5f46d58b/...
 
 

Cause

This problem occurs because of a Microsoft Security setting called loopback check that is designed to help prevent reflection attacks on your computer. 
Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
 
Labels (1)
Comments
jaishree_Qlik
Partner - Contributor III
Partner - Contributor III

This solution worked in Feb 2023 Qliksense Version too.

Contributors
Version history
Last update:
‎2020-10-28 11:23 AM
Updated by: