SharePoint keeps asking for credentials when accessing site with public IP address. After many attempts IIS returns HTTP 401.1 – Unauthorized: Logon Failed
Event ID: 6037 The program w3wp.exe, with the assigned process ID 8260, could not authenticate locally by using the target name HTTP/portal.celoxgroup.com.au. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name. Try a different target name.
This problem occurs when IIS website uses Windows Integrated authentication and has a host header mapped to the local IP address. This is by security design to help prevent attacks to the server and authentication fails if the FQDN does not match the local computer name.
Add host headers to BackConnectionHostNames registry key to allow specific FQDN:
- Open Registry Editor and navigate to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Add new Multi-String Value and name it BackConnectionHostNames
- In the Value data box type all host names located on the local server
- Restart IIS
More information on Microsoft Article KB896861.