none
401 - Unauthorized: Access is denied due to invalid credentials

    Question

  • After installing MSCEP, enter http://Server2008/certsrv/mscep_admin in the browser.
    Enter correct user name and password in pop-up box. Windows 2008 keeps rejecting the correct user name and password. Browser displays error when clicked on cancel.
    Friday, July 13, 2007 12:44 AM

Answers

  • Hello,

     

    Try to check the auth providers with this script in command prompt:

    cscript adsutil.vbs get w3svc/WebSite/root/NTAuthenticationProviders

     

    if you do not have NTLM, the add it with this script:

    cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "NTLM"

     

    Of course, you should change the website element to your custom one.

     

    Maybe it solves your issue.

     

    Regards,

     

    Janos

     

    Monday, July 16, 2007 6:48 AM

All replies

  • Have you checked under authentication in IIS?
    Friday, July 13, 2007 6:55 AM
    Moderator
  • Didn't worked either.
    Friday, July 13, 2007 3:42 PM
  • Hello,

     

    Try to check the auth providers with this script in command prompt:

    cscript adsutil.vbs get w3svc/WebSite/root/NTAuthenticationProviders

     

    if you do not have NTLM, the add it with this script:

    cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "NTLM"

     

    Of course, you should change the website element to your custom one.

     

    Maybe it solves your issue.

     

    Regards,

     

    Janos

     

    Monday, July 16, 2007 6:48 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    • Proposed as answer by EugBer Thursday, May 27, 2010 6:43 PM
    Tuesday, March 30, 2010 3:20 PM
  • Hi jay-dubb, can't find that "Providers in "Windows Authentication" in IIS 7? I am using Windows 2008 Server.

    Sunday, May 09, 2010 5:34 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    You rock!  This totally fixed me!  Thank you for taking the time to post!
    • Proposed as answer by Ctrunk514 Monday, January 07, 2013 9:53 PM
    Thursday, May 27, 2010 6:43 PM
  • Hi jay-dubb, can't find that "Providers in "Windows Authentication" in IIS 7? I am using Windows 2008 Server.


    Go to the site, click Authentication in the middle and then the middle frame has the authentication types.  Click on Windows Authentication and then Providers appears under actions in the right frame.
    Thursday, May 27, 2010 6:45 PM
  • This must not apply to IIS 7.5 - there is no "Windows Authentication" item under "Authentication".  There is a Providers icon under ASP.net.  Is this what you mean?
    Friday, July 09, 2010 6:58 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    That fixed me as well. Thank you very much for posting this. 
    Friday, August 13, 2010 2:50 PM
  • I'm running the Server 2008 IIS7 and can't find the Providers you talk about under the IIS Header. I do have a Providers in the ASP.NET.

     

    The main problem is that I'm having a issue that the IP Address works with no problem, but the DNS name does not want to pass the credential through to the server.

    I'm totally stuck on this problem.

    Sniffles

    Thursday, August 19, 2010 5:14 PM
  • Thanks for the suggestion about moving NTLM above Negotiate, jay-dubb - it was the cause of my problems, too, and so much time was wasted before I found the one page out of the first 40 Google results (this page) that identified it.
    Wednesday, November 24, 2010 9:55 AM
  • jdigap - I don't know if you found the answer to your problem (obviously it's some time ago now, but this being a public record of answers and all I figured I'd post suggestions for anyone else, too) - first you need to open the Authentication section. If you don't have a Windows Authentication entry under there you need to go into the Server Manager Roles and use Add Role Service on the IIS entry to add  the Windows Authentication service. 

    If Windows Authentication is listed, then you select the Windows Authentication option and over at the right hand side in IIS 7 there should be a Providers... link which you click to list the providers, and can change the order in there.

    • Proposed as answer by Akshay Shaha Monday, February 10, 2014 10:31 AM
    Wednesday, November 24, 2010 10:01 AM
  • Thaks for the tip. This worked for me.
    Saturday, December 11, 2010 11:59 PM
  • Worked like charm..
    Monday, December 13, 2010 10:51 AM
  • Amazing!!  This worked a treat for me too.
    Tuesday, January 04, 2011 3:15 PM
  • Unbelievable.  I would have never found this if it weren't for you.  Thanks!

    Tuesday, January 11, 2011 11:32 PM
  • Jay-dubb,

     

    THANKYOU!

     

    If I could send you a virtual beer I would...

     

    I've lost so much time over that :(

    Saturday, February 05, 2011 11:08 AM
  • I shared my wwwroot folder and I got this error message.  The only reason why I would do a share folder is so that I was able to update the sit via network.  Anyways been working on this issue for about 2 days.  Then I came across this form and it fixed my problem.  Thank you so much.  :)
    Sunday, February 20, 2011 4:00 PM
  • Excellent! I wish it was always this simple instead of trolling through hundreds of meaningless posts by people second guessing. Thanks a lot!
    Freelance IT consultant/developer
    Monday, March 07, 2011 8:56 PM
  • None of the responses help me to solve the problem; here is how I solved it.

    My Problem started when I shared the folder.

    When I Enabled Windows Authentication It started giving me a Login Windows for User Name & Password, That was not desired by me so I disabled the Windows Authentication, in fact all of them expect the Anonymous Authentication, When Clicked “Edit“Anonymous Authentication it showed a user it was IUSR I gave full rights to IUSR for the subject folder and my website started working

     

    • Proposed as answer by Strahan Friday, January 06, 2012 6:31 PM
    Tuesday, March 22, 2011 7:23 AM
  • I'm running the Server 2008 IIS7 and can't find the Providers you talk about under the IIS Header. I do have a Providers in the ASP.NET.

    I am having the exact same issue. For the Action pane elements I only have advanced settings, no providers. I do also have a providers under asp.net that doesn't appear to be the same as the one for Windows Authentication.

    Did anyone ever figure out how to edit the providers in Windows Authentication?

    Wednesday, March 23, 2011 8:33 PM
  • try this.. it worked for me in IIS7.

    KB Article Link:  http://support.microsoft.com/kb/215383

    Check the NTAuthenticationProviders IIS metabase property, if it is set to default “Negotiate,NTLM” .

    C:\inetpub\AdminScripts>cscript adsutil.vbs get w3svc/NTAuthenticationProviders

    Set NTAuthenticationProviders IIS metabase property to “NTLM”.

    C:\inetpub\AdminScripts>cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

     

    Thursday, March 24, 2011 9:21 PM
  • Great!!! That worked for me too.
    Friday, March 25, 2011 3:48 PM
  • I'm running Windows Server 2008 R2 and IIS 7.5.

     

    I was receiving the same error and after messing around with it, this is what fixed it.

     

    In IIS, select the website you're having the issue with.

    In the IIS section, select 'Authentication'.

    Right click on Anonymous Authentication and select 'Edit'

    Check the 'Specified User' radio button and click on 'Set'

    I entered my username, password and password confirmation and click ok.

     

    This solved my problem and I hope it can help someone else.

    Cheers!

     

    Saturday, March 26, 2011 2:47 AM
  • For IIS 7.5, check out this article:

    http://support.microsoft.com/kb/950100

    Issue 3: Error message when you try to open the Microsoft Dynamics CRM 4.0 Web application:

    "HTTP Error 401.2 – Unauthorized"


    To work around this problem, enable the Windows Authentication role service in the Web Server (IIS) role.

    Wednesday, April 27, 2011 11:28 AM
  • I was not able to find providers in IIS 7, but the command line utility worked like a charm!!! Thank you!!!
    Wednesday, May 04, 2011 7:41 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    You are a legend mate. Saved me heaps of headaches.
    Wednesday, May 18, 2011 1:48 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    You rocked!!!! It really fixed the issue.
    Wednesday, June 01, 2011 9:21 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    Thank you so much! I faffed about for hours over this issue - I even thought about switching the providers out of desperation, but dismissed the idea for being too stupid!!!
    Friday, June 03, 2011 2:52 PM
  • This did it for me!  Good job with your post.
    Friday, June 03, 2011 3:41 PM
  • Thanks a million.. this works for me!
    Wednesday, July 13, 2011 9:07 PM
  • Thanks a lot that did it for me too. I spent days trying to figure this out.
    Tuesday, July 19, 2011 5:06 PM
  • Thanks a lot. This helped.
    Friday, July 29, 2011 4:14 PM
  • This worked for me, too! Thank you!
    Wednesday, August 31, 2011 1:11 PM
  • Great ! Who would believe that the order matters.
    Wednesday, August 31, 2011 3:33 PM
  • Worked for me, thanks!
    Friday, September 02, 2011 8:15 AM
  • I'm posting this so that if anyone having a similar issue to mine can solve their problem.

    I too received the 401.2 Unauthorized error message. I had all of the correct features installed and configured on the web site and the virtual directory. Yet, I still received the 401.2 Unauthorized error message. We configured all of our anonymous access to use specific credentials in the applicationHost.config file of IIS. To solve the problem, I configured the application pool running the virtual directory to use the same credentials configured for anonymous access. I then went into the virtual directory, opened up the Authentication, and edited the Anonymous access credentials. In my case, the Specific User option was checked (it contained the name of the credentials we configured in applicationHost.config). I switched it to the Application pool identity option (the same credentials!) and the application started working.

    I wish I could explain why this fixed the problem, but I'm completely baffled.

    Wednesday, October 19, 2011 8:08 PM
  • For IIS 7.5, check out this article:

    http://support.microsoft.com/kb/950100

    Issue 3: Error message when you try to open the Microsoft Dynamics CRM 4.0 Web application:

    "HTTP Error 401.2 – Unauthorized"


    To work around this problem, enable the Windows Authentication role service in the Web Server (IIS) role.


    For IIS 7.5 you can enable it like this:

    http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication

    Monday, November 28, 2011 10:08 PM
  • Worked for me too.

    Thank you so much!

    We just need to go to the Authentication section for the particular website, edit the Anonymous Authentication, for specific user ISUR, click Set, enter username and password and all set to GO!

    Thursday, December 22, 2011 11:55 AM
  • Thanks Naseer! That solved my problem.
    Friday, January 06, 2012 6:31 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    This just saved me... thanks so much!
    Wednesday, January 18, 2012 2:04 PM
  • WOW!

    Thanks jay-dubb!

    This certainly set me in the right direction. I do not have Windows Authentication but under 'Anonymous Authentication' I changed this to authenticate to the IIS App Pool instead of IUSER.

    Thanks again!


    Friday, January 20, 2012 5:37 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    Thank you for taking the time to post jay-dubb - Worked for me, on a 2 year old certserver!
    KL_Dane
    Tuesday, January 31, 2012 7:54 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    Thanks for this resolution. Worked on my environment of Server 2008R2 CA!
    Jay Valambhia | www.netflo.co.uk
    Tuesday, January 31, 2012 3:12 PM
  • Just remember that this means that Kerberos will not be used, every user will now authenticate with NTLM insted of Kerberos. 
    Also to configure Kerberos correct you have to set the correct SPN for the application pool the IIS site is running in. 

    Tuesday, January 31, 2012 3:31 PM
  • That makes perfect sense that bad credentials errors can be fixed in the authentication options. I tried Basic Authentication to see if I could log into my web page (actually it's my wife's - a redirect from a virtual directory in my website) using my admin username and password. Shockingly, the website wouldn't let me in. I checked out the folder permissions and they had changed on me (probably a Windows update). I gave everybody in the ACL read (and read/write) permissions and all of a sudden I could log in. I disabled Basic Authentication and went back to Anonymous Authentication and the page still came up without that nasty 401 error. BTW, I'm running IIS 7.5
    Wednesday, February 08, 2012 8:12 AM
  • I'm having the same problem.  Didn't have Windows Authentication so I added this role.  Now, when I select Authentication > Windows Authentication I don't have the 'Providers' option in the right hand pane.

    Can anyone please tell me how to install/access the Providers so that I can change them?  I am using IIS7 on Windows Server 2008

    Tuesday, April 24, 2012 9:38 AM
  • jay-dubb, I could kiss you!  Thanks!
    Thursday, May 24, 2012 3:36 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    This fixed it for me when using windows authentication, thank you
    Monday, June 11, 2012 9:13 AM
  • Hi ,

    Do you have to restart the IIS service for the effect to take action ?

    • Proposed as answer by Teqnickel Wednesday, July 11, 2012 3:46 PM
    • Unproposed as answer by Teqnickel Wednesday, July 11, 2012 3:46 PM
    Friday, June 15, 2012 3:10 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    I know its an old thread but I just ran into this issue with scom 2012 and Jay-dubb's fix worked great.
    Wednesday, July 11, 2012 3:45 PM
  • Like a Charm!!
    Wednesday, August 22, 2012 8:14 PM
  • I know this thread is old so I *REALLY* hope you see this. I'm a programmer who was given a server and have never administered one before, so am figuring things out from scratch.

    Your advice works, *BUT* I'm asked to log in before my web site shows up. I want *ANYONE* to be able to view the web site without having to log in. How can I fix that?

    Monday, August 27, 2012 6:07 PM
  • Go to IIS and expand sites, click on the site you want to administer ,disable forms/Windows authentication and enable Anonymous Authentication
    Monday, August 27, 2012 6:11 PM
  • oh  i forgot to type click on authentication on the right after you select the site
    • Proposed as answer by SBolton Tuesday, October 23, 2012 8:42 PM
    Monday, August 27, 2012 6:12 PM
  • Hey jay-dubb,

    Thanks it works like a charm. This thing drove me crazy for an hour or so.


    Yaron Ozana SharePoint Developer

    Monday, September 03, 2012 11:10 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    This saved my time too :-)
    • Proposed as answer by jkonline Thursday, September 20, 2012 3:46 PM
    Thursday, September 20, 2012 3:46 PM
  • jay-dubb,

    This worked for me, THANKS!!!

    In my case the issue arose when I added MSCEP to my existing certificate services web enrollment.

    Chris

    Monday, October 22, 2012 11:17 PM
  • Hi jay-dubb,

    Thanks. Your steps worked out for me.

    I am running CA role on a Windows Server 2008R2. The issue can be solved by adding the web server as a trusted site. I didn't try that.


    Best regards, Ivan Versluis
    Networknet.nl Blog

    Wednesday, November 07, 2012 3:29 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    Thank You very much!
    Thursday, November 22, 2012 5:13 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    Cool! Worked for me too. Thanks!!!

    C# developer

    Wednesday, November 28, 2012 5:16 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.


    Saved my butt. Thanks for posting!
    Wednesday, December 12, 2012 4:12 PM
  • Two and a half years later, this answer helped me too. Thanks.
    Saturday, December 15, 2012 9:51 PM
  • For me I had a ups program that was running on port 80 and certsrv would not start. I set the service to a delayed start and I was good to go again.
    Wednesday, January 02, 2013 11:12 PM
  • I have no idea how you figured this out but I am glad you did. This saved us a ton of time. Thanks very much!
    Wednesday, April 10, 2013 6:47 PM
  • None of the responses help me to solve the problem; here is how I solved it.

    My Problem started when I shared the folder.

    When I Enabled Windows Authentication It started giving me a Login Windows for User Name & Password, That was not desired by me so I disabled the Windows Authentication, in fact all of them expect the Anonymous Authentication, When Clicked “Edit“Anonymous Authentication it showed a user it was IUSR I gave full rights to IUSR for the subject folder and my website started working

     

    Setting the user in this edit menu to "Application pool identity" worked for me.
    Wednesday, April 24, 2013 7:21 PM
  • Hello Jay

    This worked like a charm!! However, need help in understanding a point here. When we are accessing the web application with the ip address, application shows up. However, when we use the DNS name, we are seeing this error which got fixed after changing the Providers to NTLM under windows authentication. Why is this behaviour? 

    Thanks,
    Pavan

    Thursday, May 02, 2013 5:22 PM
  • Thanks, it worked!

    I was having trouble accessing the Certificate Services web site (Certsrv) in Windows Server 2012, and changing the order of the Windows authentication providers did the trick.

    Thanks!


    Paulo Dias - IT Pro Evangelist

    Tuesday, May 21, 2013 12:38 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    I was looking for this solution for a long time!! Thanks a lot!! 
    Friday, May 24, 2013 1:34 PM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    Thanks for posting this, you've saved me too :)
    Thursday, June 20, 2013 11:56 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    worked for me as well. thanks very much!
    Friday, June 28, 2013 7:04 AM
  • Took me a good 2 days to figure out, but I was getting "401 - Unauthorized: Access is denied due to invalid credentials." as well when I tried to access the webserver from itself. I could browse to it from any other computer and type in the user/pass without error, but it would not let me browse to it from within the webserver.

    After 2 days of troubleshooting (trying all the solutions in this thread), my solution was to add a Reg key called DisableLoopbackCheck.

    Here's the MS KB article:

    http://support.microsoft.com/kb/896861

    Very silly that you'd need a reg key for this to work.. But hey, at least we finally figured it out! Hope this helps someone else in the future.

    Wednesday, July 03, 2013 4:42 PM
  • This issue suddenly popped up one fine day..Fortunately I was able to easily fix this moving NTLM to top. Mine IIS was 7.5 in WIN Server 2008 R2..

    Thanks a lot...

    Friday, July 26, 2013 2:08 PM
  • I had this problem before.

    I suggest double checking that you have authentication rules set in place (I am using IIS 8):

    1. Go to IIS manager
    2. Select your desired website
    3. Select the Authentication Rules feature
    4. Along the left hand side in the Actions pane select Add Allow Rule
    5. Select Anonymous Users and click OK

    Whola!  I hope this helps some of you :)

    Peter

    Friday, August 02, 2013 1:38 AM
  • To whoever this may help, this saved my life...

    IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

    1.) Open iis and select the website that is causing the 401

    2.) Open the "Authentication" property under the "IIS" header

    3.) Click the "Windows Authentication" item and click "Providers"

    4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

    **********************************************

    This worked for me.  You Rock!

    Tuesday, October 01, 2013 9:49 PM
  • Hey Jay-Dubb

    Your fixed worked!!! I have been trying to resolve this for some time and would have never gone into those settings if I had not seen this article.

    You are also a lifesaver!!!  It's people you who contribute to technical resolutions that should get a pat on the back.

    I signed up here just to reply to this article as it was worth the signup to thank you.

    If we all contribute, life would be much much easier for admins and IT people alike!!  Keep it up!.

    M

    Tuesday, November 19, 2013 4:04 AM
  • Right click on Anonymous Authentication and select 'Edit' check "Application pool"
    Wednesday, December 25, 2013 10:06 AM
  • I had the same issue on IIS 8 and Windows Server 2012.

    I shared the root folder that contained all my websites so I could access the files (to publish updates) over the network.  As soon as I shared the folder it removed the "read" access from "servername\users". (servername = the name of your server then \users).

    I followed the steps to add the windows authentication, but it didn't fix my issue.  Re-adding the servername\users to the security tab instantly fixed my issues.  Sharing had removed it.

    To do this, right click the root folder where your website resides (in my case C:\websites\abc.com) I right click "websites" click properties, go to the security tab, click "edit" under the "Group or usernames:" box.  Click "add" and type in "users" click ok.  Done.  The "read" permissions are already set.

    Hope this helps someone.

    Friday, January 03, 2014 7:00 PM
  • You are the best. This fixed the issue.
    Friday, January 10, 2014 8:22 PM
  • Bang on solution. This fixed my issue. Thanks a ton.

    Ramesh kL

    Sunday, January 19, 2014 5:29 AM
  • I changed all above settings.still is not working.
    Thursday, January 30, 2014 7:32 AM
  • Some times it's working in all browsers.some times it is not working.some time it directly login to the application without asking any credentials all browsers
    Thursday, January 30, 2014 7:35 AM
  • Thanks Aenikata for the suggestion, its worked like charm :)
    Monday, February 10, 2014 10:30 AM
  • This saved my life too! I had a beautiful solution in the development environment and hit a big snag in the Test environment. I was delayed in my deliverables and could not work out what was going on. Thanks to this, we are now in production.
    Monday, April 14, 2014 5:47 AM