Yesterday I was working on polishing up some demos I will be using in my upcoming session at the Regional SharePoint Users Conference 2009 at the end of June and all of a sudden I was unable to authenticate to any of the SharePoint sites running in my VM except for Central Admin; I would get prompted for credentials (this was automatically propagating not too long ago) but would end up in an endless cycle getting nowhere fast. Looking at the difference between Central Admin and the other sites provides a clue to what was happening, I access the Central Admin site using the name of the server (DEMOSERVER in this case) but I access the other sites using FQDNs registered in a local DNS (such as staging.demo.local).  I recalled an email a colleague, Bob German, had recently sent out with the same issue which I had apparently deleted but luckily Ed Hild had a copy and indeed Bob’s fix worked for me.  So it seems an update was pushed down to my VM when I was converting over to run in Hyper-V (I enabled the extern NIC to get the latest SDK downloaded) and this update tightened security for loopback requests to FQDNs.  The fix for this is described in the KB article linked below.  If you are having some strange authentication issues for requests within the context of the same machine (I have seen others experience this issue with the search crawler and Forms Services) this may be the ticket.

You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6

Basically there are two options, disable the loopback check or store each FQDN on the machine.  I experimented with adding each FQDN to the registry vs. simply disabling the loopback check but it appears wildcards are not supported (*.demo.local) and since I add new sites and FQDNs fairly regularly during demos this approach didn’t work for me.  Also, you will notice the KB does not reference Server 2008 or IIS 7 but the issue occurred and the fix worked for me in a Server 2008 environment