Good ole loopback check - how I hate thee

It seems every year or so, I've run into the same issue over and over again. And every time I forget the resolution due to the vague security error message.

We receive an "HTTP 401.1 - Unauthorized: Logon Failed" error when using a local web service from another web site or web service on the same machine, using windows integrated authentication.

After a few hours of debugging and research, we discover the root cause is the loopback check security feature described in these kb articles:

http://support.microsoft.com/kb/896861

http://support.microsoft.com/kb/926642
(Note: even though this article says this issue applies to Win 2003 SP1, it also applies to any Windows Server OS since then, including 2008-2012.)

The solution is to modify the registry and add a DisableLoopbackCheck entry or to add host names in BackConnectionHostNames registry entry.

I have run into this same issue with custom web services as well as when using a local SharePoint install, Reporting Services web services and even one scenario where a .NET web application was using local Java web services.

Removing ZoneIDs from downloaded files

If you are like me, you are constantly removing the ZoneID from files downloaded from the internet using the following approach:

Right-click File > Properties > Unblock

Thanks to this post from Raymond Chen's excellent The Old New Thing blog, I've found a way to remove the need to do this at all.

Group Policy editor
User Configuration > Administrative Templates > Windows Components > Attachment Manager > enable Do not preserve zone information in file attachments