You must also consider whether you need to disable loopback checking. Windows Server blocks access to a website if the
request for the website originates from the IP address of the server itself.
Loopback checking prevents you from using a browser on a SharePoint server to browse to a site on the same server farm. In a production environment, it is
not recommended that you log on to a SharePoint server and use a browser on the server. However, this usage scenario may be more common in a development,
testing, or training environment, as well as during installation and configuration tasks.
Loopback checking also prevents SharePoint services—most notably the search crawler that indexes SharePoint content—from accessing sites on the same server
farm. The crawler, which runs on a SharePoint server, will request content to index, and the request will be denied. The crawl process will generate Access
Denied events, and no content will be indexed.
The problem is solved by removing or controlling loopback checking. Details can be found in the Microsoft Knowledge Base article You receive error 401.1
when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version.
The article discusses two options. Method 1 involves specifying all sites hosted on the server so that the server allows requests to those sites to
originate from the same server. Method 2 entails disabling loopback checking altogether for all sites.
Method 2 reduces the security of the server more
than Method 1. Therefore, the TechNet article recommends Method 2 only for development and test environments. However, method 1 requires closely managing the servers on a
SharePoint farm. Each time a new Web application is added to the farm, its fully qualified host name must be added to the list of sites for which loopback
checking is skipped.