Came across a problem recently while on site with a client which I have never come across before.
If you are trying to test your SharePoint Server web applications locally on a SharePoint server and you find that it is refusing to accept the locally logged on user or another user who should have access to the site by asking for your credentials 3 times before telling you that you don’t have access, it is because of a security feature within IIS which will not allow the use of integrated security for a hostheader that is not the server’s hostname.
Fortunately there is something you can do:
The feature is called “Loopback Security” and can be disabled through a registry key.
Create a new DWORD registry key called “DisableLoopbackCheck” in the location “HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa”, then set its value to “1”.
You should then be able to access the sites with host headers.