Microsoft have just released a bunch of security fixes for IE in an update – 963027 – which stops you being able to connect to local websites on your server. You will be prompted to enter a username and password but will receive the standard 401 error after entering credentials 3 times. There may well be a way to work around this more appropriately, but for now I have removed this update. (see update below).
N.B. This update only applies after reboot and equally only removes after reboot.
To do this go to “Add/Remove Programs”, select the “Updates” checkbox if necessary and find “Windows Internet Explorer 7″. If you find an entry in here for “963027″ then remove it and reboot (remember, the update is still in effect until you have rebooted).
UPDATE:
Thanks to Matt Tate for pointing out that this is related to a loopback security update. It turns out that security fix 963027 extends an existing change with regards to the use of the loopback address (127.0.0.1) to include any local web server access (actually – I have only tested this with CNAME DNS entries, it might not happen with A pointers).
See this article for further information:
http://support.microsoft.com/kb/896861
N.B. This also affects indexing – http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=107
SOLUTION:
I am using Method 2 for all personal development and test machines.
********************** FROM MICROSOFT KB ARTICLE ABOVE **********************
To work around this issue, use one of the following methods. Note We recommend that you use this method. Follow these steps:
Method 1: Specify host names
To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:
Method 2: Disable the loopback check
georgebonney