Access Denied or No Network Provider Accepted Error Message

Symptoms

When you try to access a server locally by using its FQDN (Fully Qualified Domain Name), its DNS CNAME alias or UNC (Universal Naming Convention) path and you receive either the “Access denied” or “No network provider accepted the given network path” error messages but other computers on the network can access the resource, this article can help.

The following is a list of possible symptoms associated with this problem. You can have one or more of these symptoms depending on your situation.

  • You receive repeated logon windows.
  • You receive an “Access denied” error message.
  • You receive a “No network provider accepted the given network path” error message.
  • Event ID 537 is logged in the Security event log.
  • Applications may fail when making local NTLM authentication requests.

Additionally you can access the resource from either

  • Other systems on the network using UNC, FQDN or CNAME
  • The IP address of the local computer
  • The NetBIOS name of the local computer
  • The \\ComputerName of the local computer

History

Microsoft updated the loopback security model with Windows Server 2003 Service Pack 1(original KB926642). They added a security feature, originally KB957097, to prevent malicious programs from accessing other resource local to the system. This new feature is called the Loopback Check. This change was added to all operating systems so it affects Windows 7/8/8.1/10 and Server 2008/2008 R2/2012/2012 R2/20016/2019 and any new operation system.

This problem is very common for SharePoint sites when trying to access them locally from the web server for testing or on a local development environment on a developer’s workstation.

How to Resolve

There are two methods to fix this issue.

Method 1 Allow additional names to pass the Loopback Check

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. In the Name column, type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the CNAME or the DNS alias, that is used for the local shares on the computer, and then click OK
  7. Exit Registry Editor
  8. For website do an IISRESTART for all other programs restart the computer.

Method 2 Disable the Loopback Check

This method is a larger security risk over the first method.

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
  3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.
  9. Restart the computer

Troubleshooting

Issues with BackConnectionHostNames

The registry key BackConnectionHostNames can be a problem. Make sure that:

  • Type each host name on a separate line.
  • Exists as a Multi-Value String
    • If it’s a REG_DWORD type, you have to delete it and recreate as a Multi-Value String

Issues with DisableStrictNameChecking

Check the registry key “DisableStrictNameChecking” found in HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters can be a problem.

  • Set it to 1
  • Restart the server.

References

All Site Tags

Access Denied ADFS Apache Authentication Cable Systems Claims Based Authentication Coding Command Line Content Management Systems dcdiag DHCP DNN Encryption Error Examples Hacking HTML Hyper-V IIS Installation Linux Logs-n-Logging LSA Main Page More Research Odds-n-Ends Patching Performance PHP PowerShell Protocols reference Registry Security Servers SharePoint SSL Testing Time Tips and Tricks TLS Tools Troubleshooting Windows WordPress

Scroll to Top