If you attempt to browse to a website on your local machine identified by a host header that differs from the NetBIOS name of the computer or if you reference your server via its fully qualified domain name (i.e., server.domain.local) you may be presented with a login dialog.  This login dialog will not accept your credentials and after three attempts you'll be presented with an error message: HTTP 401.1 - Unauthorized: Logon Failed.  This can be quite disconcerting and confusing.

I've lost many a sleepless hour trying to troubleshoot it in the past.

Well, it happened again today and for the life of me I couldn't find a reference to how to fix it on my blog.  I was certain I had blogged about it before.

The fix is to add a registry setting to bypass a security check introduced by Windows XP SP2 and Windows Server 2003 SP1.

1. Open your registry editor (regedit.exe)
2. Locate HKLM\SYSTEM\CurrentControlSet\Control\Lsa.
3. Create a new DWORD value named DisableLoopbackCheck and assign it a value of 1.

Though the KB article where I got this information says you need to reboot, I've not needed to.