Why the SharePoint default server name does not work

I am running Sharepoint 2007(Single server, server farm) on SQL 2005 with Windows 2003 server, however, I got a strange authentication problem.

The server name is called sharepoint01, however, I am unable to connect to it using URL http://sharepoint01 and always return with 401 authentication error page after prompting for credential 3 times, instead there is another host record on DNS server and pointed to the name intranet with the same IP address.  When connecting using URL http://intranet, it works with "windows authentication" without even asking for user credential.

I tried to create another host record on DNS using another name, intranet01, the URL http://intranet01 works as well using "windows authentication".

Why the default server name does not work?  The sharepoint01, intranet and intranet01 are not added to the trusted zone on IE.

I usually build a Virtual Machine that consists of the following for SharePoint development:

    Windows Server 2008
    SQL Server 2008 SP1
    Visual Studio 2008 SP1 with Team Explorer (and VSeWSS 1.3)
    Office 2007 SP2
    Domain Controller and DNS Services

I use host headers to allow the web applications I create on the VM to run on port 80.  However, recently, the ability for me to visit a web application suddenly stopped inexplicably.  What happened was that any web application seemed to prompt me for NTLM credentials three consecutive times, but then deny me each time with a blank page.  SharePoint¡¯s access denied page was not even rendered.  Furthermore, any HTML files (images, txt, html) could not be served from the virtual directory of the web application.  I found that I could visit http://localhost:portnumber sites, but no sites that used host headers.

It turns out that a recent security patch delivered through Windows Update caused the issue.  There is a security update that causes any ¡°excessive¡± traffic on the loopback adapter to be shut down.  This means that unless you either turn off the loopback adapter security check, or place all DNS names you want to use for web application host headers under a specific registry key, host headers won¡¯t work and you will be denied access.  See the KB here:

http-://support.microsoft.-com/kb/896861

And the recommended steps below:
Method 1: Specify host names
Note We recommend that you use this method.
To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

    Click Start, click Run, type regedit, and then click OK.
    In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
    Right-click MSV1_0, point to New, and then click Multi-String Value.
    Type BackConnectionHostNames, and then press ENTER.
    Right-click BackConnectionHostNames, and then click Modify.
    In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
    Quit Registry Editor, and then restart the IISAdmin service.

Method 2: Disable the loopback check
Follow these steps:

    Click Start, click Run, type regedit, and then click OK.
    In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Right-click Lsa, point to New, and then click DWORD Value.
    Type DisableLoopbackCheck, and then press ENTER.
    Right-click DisableLoopbackCheck, and then click Modify.
    In the Value data box, type 1, and then click OK.
    Quit Registry Editor, and then restart your computer.