waltforbes
asked on
How to Fix SharePoint 2016 Error "401 Unauthorized"?
Points of My Scenario
1. I have just implemented a single-server farm of SharePoint 2016
2. I created the first site collection of this farm and configured myself as primary site administrator
3. When I go to the website (http://servername), I get error "401 Unauthorized"
4. When I go to http://servername/default.aspx, I can access the homepage, but any other page - INCLUDING "Site settings" gives me the same error
5. I've tried: (a) enabling "Kernel-mode authentication" for Windows Authentication, (b) disabling Anonymous Authentication
QUESTION: What should I do to resolve the error and therefore use the website?
1. I have just implemented a single-server farm of SharePoint 2016
2. I created the first site collection of this farm and configured myself as primary site administrator
3. When I go to the website (http://servername), I get error "401 Unauthorized"
4. When I go to http://servername/default.aspx, I can access the homepage, but any other page - INCLUDING "Site settings" gives me the same error
5. I've tried: (a) enabling "Kernel-mode authentication" for Windows Authentication, (b) disabling Anonymous Authentication
QUESTION: What should I do to resolve the error and therefore use the website?
ASKER
Hi Walter Curtis,
the strangest thing happened: I reverted the changes to their original settings (as you advised), then executed "iisreset" at the command prompt. Consequently, SharePoint site started working as desired!
I am still nervous because I have to replicate this system for three other environments, and I don't know what I should do differently. Any ideas on why it works without the fix of https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate ?
the strangest thing happened: I reverted the changes to their original settings (as you advised), then executed "iisreset" at the command prompt. Consequently, SharePoint site started working as desired!
I am still nervous because I have to replicate this system for three other environments, and I don't know what I should do differently. Any ideas on why it works without the fix of https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate ?
ASKER
FALSE ALERT: It is still FAILING
The misunderstanding: it works ONLY for http://hostname. It continues to fails with the "410 UNAUTHORIZED" error whenever I use the URL http://hostname.dnsname.etc
ACTIONS TAKEN: I executed your advice at: https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate:
(a) I created the "DisableStrictNameChecking" DWORD (32-bit) registry key with a value of "1" in HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Se rvices\Lan manServer\ Parameters - because SharePoint is configured to use NTLM
(b) I created the "BackConnectionHostNames" REG_MULTI_SZ key in HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Lsa\ MSV1_0
(c) I entered the following two entries - each on a separate line: (i) hostname, (ii) hostname.domain.etc
(d) I executed "iisreset" at the Administrative Command Prompt
QUESTION: What else should I do?
The misunderstanding: it works ONLY for http://hostname. It continues to fails with the "410 UNAUTHORIZED" error whenever I use the URL http://hostname.dnsname.etc
ACTIONS TAKEN: I executed your advice at: https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate:
(a) I created the "DisableStrictNameChecking" DWORD (32-bit) registry key with a value of "1" in HKEY_LOCAL_MACHINE\SYSTEM\
(b) I created the "BackConnectionHostNames" REG_MULTI_SZ key in HKEY_LOCAL_MACHINE\SYSTEM\
(c) I entered the following two entries - each on a separate line: (i) hostname, (ii) hostname.domain.etc
(d) I executed "iisreset" at the Administrative Command Prompt
QUESTION: What else should I do?
Keep in mind, going to http://hostname is very different than http://hostname.dnsname.etc
Make sure you have a DNS record for the full url. When you simply go to the short url, you are routed to the machine used in the url. When you add the dnsname.etc the browser does not know where to go, unless you have a DNS record, or at least a Host File entry for the full name.
You may also need to add an Alternate Access Mapping via Central Admin in SharePoint for the full url.
One last thing, try from a different machine that is in the same network. Trying directly on the SharePoint server sometimes is a bit whacky.
Hope that helps...
Make sure you have a DNS record for the full url. When you simply go to the short url, you are routed to the machine used in the url. When you add the dnsname.etc the browser does not know where to go, unless you have a DNS record, or at least a Host File entry for the full name.
You may also need to add an Alternate Access Mapping via Central Admin in SharePoint for the full url.
One last thing, try from a different machine that is in the same network. Trying directly on the SharePoint server sometimes is a bit whacky.
Hope that helps...
ASKER
Hi Walter:
[P.S. Error screenshot attached]
1. DNS is working correctly.
2. I am not getting "Page cannot be displayed" errors.
3. I am getting the "401 UNAUTHORIZED" error.
4. The browser reaches the web server: additional proof = a logon dialog box appears.
5. I am sure about the credentials - they are the same used to successfully access the website at http://hostname
Next Step: I will study Alternate Access Mapping to determine if that is the solution to my problem.
Many thanks for mentioning "Alternate Access Mapping" - I did not configure this in any way, because I do not know about it.
QUESTION: Now that we have established that it's not a DNS issue, do you think Alternate Access Mapping can correct this "401 UNAUTHORIZED" error issue?
SharePoint_401Unauthorized_Error.PNG
[P.S. Error screenshot attached]
1. DNS is working correctly.
2. I am not getting "Page cannot be displayed" errors.
3. I am getting the "401 UNAUTHORIZED" error.
4. The browser reaches the web server: additional proof = a logon dialog box appears.
5. I am sure about the credentials - they are the same used to successfully access the website at http://hostname
Next Step: I will study Alternate Access Mapping to determine if that is the solution to my problem.
Many thanks for mentioning "Alternate Access Mapping" - I did not configure this in any way, because I do not know about it.
QUESTION: Now that we have established that it's not a DNS issue, do you think Alternate Access Mapping can correct this "401 UNAUTHORIZED" error issue?
SharePoint_401Unauthorized_Error.PNG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Woohoo! AAMs worked!!
A great many thanks to you, Walter. You fully resolved my issue!
A great many thanks to you, Walter. You fully resolved my issue!
ASKER
It was exactly the direction I needed to go in!
For visual instructions, see video https://www.youtube.com/watch?v=3s_uY983LXM - at 2:20
For visual instructions, see video https://www.youtube.com/watch?v=3s_uY983LXM - at 2:20
Glad that worked for you! Happy SharePointing...
Your point 5 from above is concerning. Making those adjustments are a path to the dog chasing his tail. Return those to the default settings and starting fresh.
This may be a loopback issue, something common with SharePoint new installations. This link will help. Don't worry about the mention of old servers and such in the article, it still applies to current OS and SP Versions:
https://support.microsoft.com/en-us/help/896861/you-receive-error-401-1-when-you-browse-a-web-site-that-uses-integrate
Hope that helps...