You receive error 401.1 when browsing a local IIS with WindowsAuth

This usually happens when you try browsing your ADFS from within the same machine where ADFS is running. This is not related to ADFS, but it's an issue with Windows Integrated Authentication in IIS in general.

To fix this you have to set a registry key on the ADFS machine.

To set the DisableLoopbackCheck registry key yourself, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

Here is a PowerShell one-liner to change that key:

Set-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -name "DisableLoopbackCheck" -value 1 -Type DWORD

Feedback and Knowledge Base