401 - Unauthorized: Access is denied due to invalid credentials
-
Friday, July 13, 2007 12:44 AMAfter installing MSCEP, enter http://Server2008/certsrv/mscep_admin in the browser.
Enter correct user name and password in pop-up box. Windows 2008 keeps rejecting the correct user name and password. Browser displays error when clicked on cancel.
All Replies
-
Friday, July 13, 2007 6:55 AMModeratorHave you checked under authentication in IIS?
-
Friday, July 13, 2007 3:42 PMDidn't worked either.
-
Monday, July 16, 2007 6:48 AM
Hello,
Try to check the auth providers with this script in command prompt:
cscript adsutil.vbs get w3svc/WebSite/root/NTAuthenticationProviders
if you do not have NTLM, the add it with this script:
cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "NTLM"
Of course, you should change the website element to your custom one.
Maybe it solves your issue.
Regards,
Janos
-
Tuesday, March 30, 2010 3:20 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
- Proposed As Answer by EugBer Thursday, May 27, 2010 6:43 PM
-
Sunday, May 09, 2010 5:34 AM
Hi jay-dubb, can't find that "Providers in "Windows Authentication" in IIS 7? I am using Windows 2008 Server.
-
Thursday, May 27, 2010 6:43 PM
You rock! This totally fixed me! Thank you for taking the time to post!To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
- Proposed As Answer by Ctrunk514 Monday, January 07, 2013 9:53 PM
-
Thursday, May 27, 2010 6:45 PM
Hi jay-dubb, can't find that "Providers in "Windows Authentication" in IIS 7? I am using Windows 2008 Server.
Go to the site, click Authentication in the middle and then the middle frame has the authentication types. Click on Windows Authentication and then Providers appears under actions in the right frame. -
Friday, July 09, 2010 6:58 PMThis must not apply to IIS 7.5 - there is no "Windows Authentication" item under "Authentication". There is a Providers icon under ASP.net. Is this what you mean?
-
Friday, August 13, 2010 2:50 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
That fixed me as well. Thank you very much for posting this. -
Thursday, August 19, 2010 5:14 PM
I'm running the Server 2008 IIS7 and can't find the Providers you talk about under the IIS Header. I do have a Providers in the ASP.NET.
The main problem is that I'm having a issue that the IP Address works with no problem, but the DNS name does not want to pass the credential through to the server.
I'm totally stuck on this problem.
Sniffles
-
Wednesday, November 24, 2010 9:55 AMThanks for the suggestion about moving NTLM above Negotiate, jay-dubb - it was the cause of my problems, too, and so much time was wasted before I found the one page out of the first 40 Google results (this page) that identified it.
-
Wednesday, November 24, 2010 10:01 AM
jdigap - I don't know if you found the answer to your problem (obviously it's some time ago now, but this being a public record of answers and all I figured I'd post suggestions for anyone else, too) - first you need to open the Authentication section. If you don't have a Windows Authentication entry under there you need to go into the Server Manager Roles and use Add Role Service on the IIS entry to add the Windows Authentication service.
If Windows Authentication is listed, then you select the Windows Authentication option and over at the right hand side in IIS 7 there should be a Providers... link which you click to list the providers, and can change the order in there.
-
Saturday, December 11, 2010 11:59 PMThaks for the tip. This worked for me.
-
Monday, December 13, 2010 10:51 AMWorked like charm..
-
Tuesday, January 04, 2011 3:15 PMAmazing!! This worked a treat for me too.
-
Tuesday, January 11, 2011 11:32 PM
Unbelievable. I would have never found this if it weren't for you. Thanks!
-
Saturday, February 05, 2011 11:08 AM
Jay-dubb,
THANKYOU!
If I could send you a virtual beer I would...
I've lost so much time over that :(
-
Sunday, February 20, 2011 4:00 PMI shared my wwwroot folder and I got this error message. The only reason why I would do a share folder is so that I was able to update the sit via network. Anyways been working on this issue for about 2 days. Then I came across this form and it fixed my problem. Thank you so much. :)
-
Monday, March 07, 2011 8:56 PMExcellent! I wish it was always this simple instead of trolling through hundreds of meaningless posts by people second guessing. Thanks a lot!
Freelance IT consultant/developer -
Tuesday, March 22, 2011 7:23 AM
None of the responses help me to solve the problem; here is how I solved it.
My Problem started when I shared the folder.
When I Enabled Windows Authentication It started giving me a Login Windows for User Name & Password, That was not desired by me so I disabled the Windows Authentication, in fact all of them expect the Anonymous Authentication, When Clicked “Edit“Anonymous Authentication it showed a user it was IUSR I gave full rights to IUSR for the subject folder and my website started working
- Proposed As Answer by Strahan Friday, January 06, 2012 6:31 PM
-
Wednesday, March 23, 2011 8:33 PM
I'm running the Server 2008 IIS7 and can't find the Providers you talk about under the IIS Header. I do have a Providers in the ASP.NET.
I am having the exact same issue. For the Action pane elements I only have advanced settings, no providers. I do also have a providers under asp.net that doesn't appear to be the same as the one for Windows Authentication.
Did anyone ever figure out how to edit the providers in Windows Authentication?
-
Thursday, March 24, 2011 9:21 PM
try this.. it worked for me in IIS7.
KB Article Link: http://support.microsoft.com/kb/215383
Check the NTAuthenticationProviders IIS metabase property, if it is set to default “Negotiate,NTLM” .
C:\inetpub\AdminScripts>cscript adsutil.vbs get w3svc/NTAuthenticationProviders
Set NTAuthenticationProviders IIS metabase property to “NTLM”.
C:\inetpub\AdminScripts>cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
-
Friday, March 25, 2011 3:48 PMGreat!!! That worked for me too.
-
Saturday, March 26, 2011 2:47 AM
I'm running Windows Server 2008 R2 and IIS 7.5.
I was receiving the same error and after messing around with it, this is what fixed it.
In IIS, select the website you're having the issue with.
In the IIS section, select 'Authentication'.
Right click on Anonymous Authentication and select 'Edit'
Check the 'Specified User' radio button and click on 'Set'
I entered my username, password and password confirmation and click ok.
This solved my problem and I hope it can help someone else.
Cheers!
-
Wednesday, April 27, 2011 11:28 AM
For IIS 7.5, check out this article:
http://support.microsoft.com/kb/950100
Issue 3: Error message when you try to open the Microsoft Dynamics CRM 4.0 Web application:
"HTTP Error 401.2 – Unauthorized"
To work around this problem, enable the Windows Authentication role service in the Web Server (IIS) role.
-
Wednesday, May 04, 2011 7:41 PMI was not able to find providers in IIS 7, but the command line utility worked like a charm!!! Thank you!!!
-
Wednesday, May 18, 2011 1:48 AM
You are a legend mate. Saved me heaps of headaches.To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
-
Wednesday, June 01, 2011 9:21 AM
You rocked!!!! It really fixed the issue.To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
-
Friday, June 03, 2011 2:52 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
Thank you so much! I faffed about for hours over this issue - I even thought about switching the providers out of desperation, but dismissed the idea for being too stupid!!! -
Friday, June 03, 2011 3:41 PMThis did it for me! Good job with your post.
-
Wednesday, July 13, 2011 9:07 PMThanks a million.. this works for me!
-
Tuesday, July 19, 2011 5:06 PMThanks a lot that did it for me too. I spent days trying to figure this out.
-
Friday, July 29, 2011 4:14 PMThanks a lot. This helped.
-
Wednesday, August 31, 2011 1:11 PMThis worked for me, too! Thank you!
-
Wednesday, August 31, 2011 3:33 PMGreat ! Who would believe that the order matters.
-
Friday, September 02, 2011 8:15 AMWorked for me, thanks!
-
Wednesday, October 19, 2011 8:08 PM
I'm posting this so that if anyone having a similar issue to mine can solve their problem.
I too received the 401.2 Unauthorized error message. I had all of the correct features installed and configured on the web site and the virtual directory. Yet, I still received the 401.2 Unauthorized error message. We configured all of our anonymous access to use specific credentials in the applicationHost.config file of IIS. To solve the problem, I configured the application pool running the virtual directory to use the same credentials configured for anonymous access. I then went into the virtual directory, opened up the Authentication, and edited the Anonymous access credentials. In my case, the Specific User option was checked (it contained the name of the credentials we configured in applicationHost.config). I switched it to the Application pool identity option (the same credentials!) and the application started working.
I wish I could explain why this fixed the problem, but I'm completely baffled.
-
Monday, November 28, 2011 10:08 PM
For IIS 7.5, check out this article:
http://support.microsoft.com/kb/950100
Issue 3: Error message when you try to open the Microsoft Dynamics CRM 4.0 Web application:
"HTTP Error 401.2 – Unauthorized"
To work around this problem, enable the Windows Authentication role service in the Web Server (IIS) role.
For IIS 7.5 you can enable it like this:http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication
-
Thursday, December 22, 2011 11:55 AM
Worked for me too.
Thank you so much!
We just need to go to the Authentication section for the particular website, edit the Anonymous Authentication, for specific user ISUR, click Set, enter username and password and all set to GO!
-
Friday, January 06, 2012 6:31 PMThanks Naseer! That solved my problem.
-
Wednesday, January 18, 2012 2:04 PM
This just saved me... thanks so much!To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
-
Friday, January 20, 2012 5:37 PM
WOW!
Thanks jay-dubb!
This certainly set me in the right direction. I do not have Windows Authentication but under 'Anonymous Authentication' I changed this to authenticate to the IIS App Pool instead of IUSER.
Thanks again!
- Edited by Michael A Strauss Friday, January 20, 2012 5:37 PM
-
Tuesday, January 31, 2012 7:54 AM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
Thank you for taking the time to post jay-dubb - Worked for me, on a 2 year old certserver!
KL_Dane -
Tuesday, January 31, 2012 3:12 PM
Thanks for this resolution. Worked on my environment of Server 2008R2 CA!To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
Jay Valambhia | www.netflo.co.uk -
Tuesday, January 31, 2012 3:31 PM
Just remember that this means that Kerberos will not be used, every user will now authenticate with NTLM insted of Kerberos.
Also to configure Kerberos correct you have to set the correct SPN for the application pool the IIS site is running in. -
Wednesday, February 08, 2012 8:12 AMThat makes perfect sense that bad credentials errors can be fixed in the authentication options. I tried Basic Authentication to see if I could log into my web page (actually it's my wife's - a redirect from a virtual directory in my website) using my admin username and password. Shockingly, the website wouldn't let me in. I checked out the folder permissions and they had changed on me (probably a Windows update). I gave everybody in the ACL read (and read/write) permissions and all of a sudden I could log in. I disabled Basic Authentication and went back to Anonymous Authentication and the page still came up without that nasty 401 error. BTW, I'm running IIS 7.5
-
Tuesday, April 24, 2012 9:38 AM
I'm having the same problem. Didn't have Windows Authentication so I added this role. Now, when I select Authentication > Windows Authentication I don't have the 'Providers' option in the right hand pane.
Can anyone please tell me how to install/access the Providers so that I can change them? I am using IIS7 on Windows Server 2008
-
Thursday, May 24, 2012 3:36 PMjay-dubb, I could kiss you! Thanks!
-
Monday, June 11, 2012 9:13 AM
This fixed it for me when using windows authentication, thank youTo whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
-
Friday, June 15, 2012 3:10 AM
Hi ,
Do you have to restart the IIS service for the effect to take action ?
-
Wednesday, July 11, 2012 3:45 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
I know its an old thread but I just ran into this issue with scom 2012 and Jay-dubb's fix worked great. -
Wednesday, August 22, 2012 8:14 PMLike a Charm!!
-
Monday, August 27, 2012 6:07 PM
I know this thread is old so I *REALLY* hope you see this. I'm a programmer who was given a server and have never administered one before, so am figuring things out from scratch.
Your advice works, *BUT* I'm asked to log in before my web site shows up. I want *ANYONE* to be able to view the web site without having to log in. How can I fix that?
-
Monday, August 27, 2012 6:11 PMGo to IIS and expand sites, click on the site you want to administer ,disable forms/Windows authentication and enable Anonymous Authentication
-
Monday, August 27, 2012 6:12 PM oh i forgot to type click on authentication on the right after you select the site
- Proposed As Answer by SBolton Tuesday, October 23, 2012 8:42 PM
-
Monday, September 03, 2012 11:10 AM
Hey jay-dubb,
Thanks it works like a charm. This thing drove me crazy for an hour or so.
Yaron Ozana SharePoint Developer
-
Thursday, September 20, 2012 3:46 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
This saved my time too :-)- Proposed As Answer by jkonline Thursday, September 20, 2012 3:46 PM
-
Monday, October 22, 2012 11:17 PM
jay-dubb,
This worked for me, THANKS!!!
In my case the issue arose when I added MSCEP to my existing certificate services web enrollment.
Chris
-
Wednesday, November 07, 2012 3:29 PM
Hi jay-dubb,
Thanks. Your steps worked out for me.
I am running CA role on a Windows Server 2008R2. The issue can be solved by adding the web server as a trusted site. I didn't try that.
Best regards, Ivan Versluis
Networknet.nl Blog -
Thursday, November 22, 2012 5:13 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
Thank You very much! -
Wednesday, November 28, 2012 5:16 PM
Cool! Worked for me too. Thanks!!!To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
C# developer
-
Wednesday, December 12, 2012 4:12 PM
To whoever this may help, this saved my life...
IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...
1.) Open iis and select the website that is causing the 401
2.) Open the "Authentication" property under the "IIS" header
3.) Click the "Windows Authentication" item and click "Providers"
4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.
Saved my butt. Thanks for posting! -
Saturday, December 15, 2012 9:51 PMTwo and a half years later, this answer helped me too. Thanks.
-
Wednesday, January 02, 2013 11:12 PMFor me I had a ups program that was running on port 80 and certsrv would not start. I set the service to a delayed start and I was good to go again.
-
Wednesday, April 10, 2013 6:47 PMI have no idea how you figured this out but I am glad you did. This saved us a ton of time. Thanks very much!
-
Wednesday, April 24, 2013 7:21 PM
Setting the user in this edit menu to "Application pool identity" worked for me.None of the responses help me to solve the problem; here is how I solved it.
My Problem started when I shared the folder.
When I Enabled Windows Authentication It started giving me a Login Windows for User Name & Password, That was not desired by me so I disabled the Windows Authentication, in fact all of them expect the Anonymous Authentication, When Clicked “Edit“Anonymous Authentication it showed a user it was IUSR I gave full rights to IUSR for the subject folder and my website started working
-
Thursday, May 02, 2013 5:22 PM
Hello Jay
This worked like a charm!! However, need help in understanding a point here. When we are accessing the web application with the ip address, application shows up. However, when we use the DNS name, we are seeing this error which got fixed after changing the Providers to NTLM under windows authentication. Why is this behaviour?
Thanks,
Pavan
.png)
