IIS Error 401.2


Yesterday, I changed my domain password.  Now, one of my web sites in IIS encounters the attached 401.2 error.

Do you have any ideas on how I can eliminate this?  I have tried updating the password in the web.config file, to no avail.

My other web sites work fine.

Thank you!

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hernán PaggiVMware & IBM Certified Consulting ServicesCommented:
Which version of IIS and Windows Server are you using?
Prakash SamariyaIT ProfessionalCommented:
Please check with the "Application Pool" of that website!
You might given the said credentials into that!  Please update the same and test it!!

Good way to keep "ApplicationPoolIdentity" for normal development environment
TBSupportAuthor Commented:

This is Windows 8 and IIS 6.2.

I had already updated the application pool of my site.

The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

Prakash SamariyaIT ProfessionalCommented:
If the user name is a domain account, IIS contacts a domain controller to verify the credentials. If this fails, IIS returns a 401.2 error.

A. Please check your Domain Account, it might not have access to that folder

B. It might not enable  respected authentication ("Basic Authentication" or "Anonymous Authentication" or "Windows Authentication")!!  If so, please enable it as per your configuration!

C. You can try to set the "Managed Pipeline Mode" from "Classic" to "Integrated" of your Application Pool!

It seems that, your getting error from IISExpress, please try out below steps

If still getting error, please provide your web.config?
TBSupportAuthor Commented:
Hi There, Prakash:

Thanks, for your help!  I appreciate it!

I tried all of the suggestions but to no effect.

I'm a little concerned about showing my web.config file, since it may have sensitive information in it.  Is there a way for me to clear this out, before attaching it, here?

Hernán PaggiVMware & IBM Certified Consulting ServicesCommented:
You can try this:

1) Open iis and select the website that is causing the 401
2) Open the "Authentication" property under the "IIS" header
3) Click the "Windows Authentication" item and click "Providers"
4) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

This can be found in Technet, this is orignal link:

Technet Link
TBSupportAuthor Commented:
Hi Hernan:

On Step #3, where can I find "Providers" for Windows Authentication?  

When I click on Windows Authentication, my only choices are to Enable or Disable Windows Authentication.  I don't see a selection for "Providers".

TBSupportAuthor Commented:
Hi Hernan:

I did find the providers window that you mentioned and ran through the instructions.  Unfortunately, I did not have any success.

Any other thoughts?

I appreciate your responding so quickly.  Thank you!

btanExec ConsultantCommented:
Hope this can be useful in reference to the suggested recommendation
Cause 1
The Web application is configured to use Integrated Windows authentication. However, the Windows Authentication feature is not turned on. Or, the Integrated Windows authentication native module section of the ApplicationHost.config file or of the Web.config file is not valid. To resolve this problem, see Resolution 1.
Cause 2
The Web application is not configured to use an authentication method. To resolve this problem, see Resolution 2.

However if it is iis 6.0 (older), then I suggest you see this
In IIS 6.0, all other authentication protocols assume that the value of AuthPersistSingleRequest is True — that is, set — so authentication persists only for a single request over a connection. IIS 6.0 automatically resets authentication at the end of a request and forces each subsequent request over the same connection to authenticate.
TBSupportAuthor Commented:
Hi btan:

Thanks, for the information!

Unfortunately, I'm afraid that that did not work either.

TBSupportAuthor Commented:
Hi Again, btan:

Actually, I stand corrected.  Once I enabled Windows Authentication for the "main branch" of the web site, as well as for the "lower branch" that I need to browse out to through IIS, it almost "gets me there".

The following is the web site that I need for IIS to be able to browse to, when I browse from the lower branch :


Instead, the browsing takes me to the following web site:


Now, when I go to the second web site that I just mentioned, the screen that appears is what shows in the attached capture.png file.

So, if I click "SmartConnect.asmx" on that page shown in the capture.png file, I'm taken exactly to the first web site that I mentioned above and--most importantly--I'm taken there with no errors whatsoever!!!  :)

Now, my question of course is, how do I "edit" the lower branch of the web site to take me to the following directly?:


Thanks, so much!  You're a big help!!!

Prakash SamariyaIT ProfessionalCommented:
It's bit difficult, may be some incorrect or missing configuration in your web.config for Web Service!!!

Can you please check if configuration for web service is correct?

Normal configuration is below
<location path="YourWebservice.asmx">
        <add name="HttpGet"/>
        <add name="HttpPost"/>
        <allow users="*" />

Open in new window

btanExec ConsultantCommented:
Typically we just turn on "directory browsing" at the parent directory and allow that to inherit to the child directories. But in your case, it default to the parent always and I suspecting would it be the inheritance setting or the list of default document on access to path (if not allowed entry). Thought this may be of interest http://www.hanselman.com/blog/ChangingASPNETWebconfigInheritanceWhenMixingVersionsOfChildApplications.aspx

But besides the use of location for access control, I also see may be worth reviewing the configuration settings for virtual directories. They are independent of physical directory structure, and such virtual directories must be organized carefully to avoid configuration problems.  See
you might have a configuration file that is located in Subdir1, a virtual directory named Vdir1 that is mapped to c:\Subdir1, and a virtual directory named Vdir2 that is mapped to c:\Subdir1\Subdir2. If a client accesses the resource with the physical location of c:\Subdir1\Subdir2\MyResource.aspx using the URL http://localhost/vdir1/subdir2/MyResource.aspx, the resource inherits configuration settings from Vdir1. However, if the client accesses the same resource using the URL http://localhost/vdir2/MyResource.aspx, it does not inherit settings from Vdir1.

Creating virtual directories in this manner can cause unexpected results, or even an application failure. It is recommended that you do not nest virtual directories, or if you do, use only one Web.config file.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.