401 Error generated when connecting directly to another Node in an NLB Configuration

Version 1

    Verified Product Versions

    AppSense Environment Manager 8.6AppSense Environment Manager 8.5AppSense Environment Manager 8.4AppSense Environment Manager 8.3AppSense Environment Manager 8.2AppSense Environment Manager 8.1AppSense Environment Manager 8.0AppSense Management Center 8.6AppSense Management Center 8.5AppSense Management Center 8.4AppSense Management Center 8.3AppSense Management Center 8.2AppSense Management Center 8.1AppSense Management Center 8.0AppSense Management Center 8.7


    After configuring two (or more) AppSense Management Centers or Personalziation Servers in a load-balanced configuration as per our best practices, you find that you are unable to connect successfully via your NLB address when connecting directly from some Consoles.

    Example Scenario:

    1. Open AMC Console on Node A
    2. Enter your NLB address and try to connect
    3. You receive a
      401 Authentication Error


    In Windows 2003 SP1 (and greater), Microsoft introduced a loopback check security feature that is designed to help prevent reflection attacks on your computer. 

    Further Detail available at:

    As part of your NLB/Windows Authentication configuration on your IIS Servers you should have already created values for your VIP (NLB Virtual IP Address) within the following Registry Location:

    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
    Value: BackConnectionHostNames
    Value Type: REG_MULTI_STRING
    Value Data: A newline delimited list containing entried relsating to your servers in the following format

    In order to connect directly from one Node to the other via the Management Console using Windows Authentication, you will need to additionally add entries for the remote Node (Netbios, FQDN and IP are recommended)