DisableLoopBackCheck when routing through a Load Balancer (PowerShell sample included)

This post on this blog are provided “AS IS” with no warranties - Editing of the Registry is at your own risk.
 

Quick Summary

This has been fleshed out so many times and detailed very well by

Spencer https://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx and

Bob https://blogs.technet.com/b/sharepoint_foxhole/archive/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way.aspx

The only recommended approach to correctly apply this change on Production is as per Method 1 as per the KB article (Spencer also reminds you, DO NOT DO Method 2 on a production server)

Why do we need more Info when a Load Balancer is Involved

The layout of entries is important and it must include the Load Balanced URL so see below.
I also include a PowerShell command to add the entries - this is particularly helpful when you have a few servers and a lot of URL's.
Antivirus software on a Server can block you.

What to do

The KB support is here https://support.microsoft.com/kb/926642
(EXTRACT FROM THE KB ARTICLE ABOVE)

Method 1: (Editing the Registry is dangerous so make sure you know what you are doing and have a back-up)

To do this, follow these steps for all the Web Front end Servers in the Farm (I complete this on all servers in the Farm in case I promote an App Server to become a WFE server)

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
3. Right-click MSV1_0, point to New, and then click Multi-String Value.
4. In the Name column, type BackConnectionHostNames, and then press ENTER.
5. Right-click BackConnectionHostNames, and then click Modify.
   1. In the Value data box, type the CNAME or the DNS alias, that is used for the local shares on the computer, and then click OK.
      Note Type each host name on a separate line.
      Note If the BackConnectionHostNames registry entry exists as a REG_DWORD type, you have to delete the BackConnectionHostNames registry entry.
6. Quit Registry Editor, and then restart the IISAdmin service.
   (Open Services.msc and restart the IISAdmin Service - if you still have the issue then the server will need to be restarted -Schedule after hours)

NB: My 5 cents on the above:

1. 1. Ensure the Host Names are on a separate line with no characters or spaces inbetween (My examples below)
      mytest.sharepoint.com
      test.sharepoint.com
   2. Make sure you add the URL that is used by the Load Balancer otherwise you will still be prompted (My example below - this is dependent on how your redirection is configured)
      myloadbalancer.sharepoint.com

PowerShell example to add your URL's so you don't have to add each one manually:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0 -Name "BackConnectionHostNames" -value "mytest.sharepoint.com`r`ntest.sharepoint.com`r`nmyloadbalancer.sharepoint.com" -PropertyType MultiString

Simply replace your URL's where mine are and add any additional URL's making sure you include the New Line and Carriage Return characters `r`n inbetween each URL.

NB - ANTIVIRUS

Some Antivirus software will block both Manual and PowerShell editing of the Registry for the root below \Lsa.
You may have to temporarily disable the Antivirus whilst making these changes.