The issue happens when dealing with sites that Integrated Authentication and have names that are mapped to the loopback address. Translation: if you are using Windows with Claims or Classic Mode web applications and you are trying to connect from the server, this is you.
The LoopbackCheck security feature is enabled by default on Windows Server since 2003 SP1 and since most SharePoint Farms are going to have an FQDN AAM or two, this is going to be something that many admins are going to run into.
There are two options, and as in most scenarios one is easy and the other is the right way.
Option 1. – create a Multi-String Value that has all of your AAMs for the server and restart the IISADMIN service.
Option 2. – disable the LoopbackCheck on the server
The Microsoft recommended option is #1 (I happen to agree), however you have to do this on every server (however if you have access to create and modify GPOs, this should be something that you can just have centrally managed for all SharePoint WFEs) and you need to have the list of all of your AAMs handy with which to do it. Not a ton of work, so bite the bullet and update the registry entry.
Serious caveat: Option 2 is great if you are working on a developer vm or something to play with for a short burst, but if you are going to put something in production, please protect yourself and allow Microsoft to do the same. This is one of those security scenarios where they are putting a validation check in place to protect you from malicious attacks.
For the more detailed steps on making the changes visit the KB article and get it from the horse’s mouth.