This SharePoint tutorial we will discuss how to solve HTTP 401.1 Access Denied in SharePoint 2013/2016.
After we install the SP1 for SharePoint 2013 users were getting the error as “HTTP 401.1 Access Denied” for few site collections created which are created with:
- Fully Qualified Domain Name (FQDN)
- Sites with alternate access mappings
- Sites created in Host header web applications
- Host header site collections
The issue is when a user to access the site SharePoint is prompting for user credentials with no limit. When I started investigating this the end result is a 401.1 Access Denied from the web server and a logon failure in the event log.
HTTP 401.1 Access Denied in SharePoint 2013/2016
The tricky and baffling part is 401.1 is a common error code for incorrect credentials/access issues but it can’t happen in our case as the user has been accessing the site with business admin credentials.
You can check various HTTP error codes, https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
After long time research, we realized this is because of the new feature “loopbackcheck” got added as part of SP1 installation.
Below are the 2 methods to fix this issue:
- Specify Host names (Preferred method, if authentication is NTLM)
- Disable the loopback check (less-recommended method)
Note: Both these approaches involves registry changes so we must have administrator permissions to perform this.
Let us explore both procedures:
Specify host names:
In this approach, we are adding the Fully Qualified Domain Name of the application as Multi-string value key in the registry.
- Start -> Run – > type regedit, and then click OK.
- In Registry Editor navigate to the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK. Ex: intranet.mstechnology.com
- Quit Registry Editor, and then restart the IISAdmin service.
Disable the loopback check:
The second approach is to disable the loopback check by adding a new key DisableLoopbackCheck of type DWORD Value
- Start -> Run – > type Regedit, and then click OK.
- In Registry Editor navigate to the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart your computer.
Disable loopback using PowerShell
Below is the PowerShell command for disabling loopback:
New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword
You may like following SharePoint tutorials:
- SSRS version conflict issue in SharePoint2013
- Fix event ID 10016 DistributedCOM error
- User profile synchronization service stuck on starting sharepoint 2013
- SSRS Data Source is not responding error as The report server is unable to access encrypted data
- UserProfileDBCache_WCFLogging ProfileDBCacheServiceClient.GetUserData threw exceptionObject reference not set to an instance of an object
- Data Refreshing issue Access Denied to Analysis Services Database Contact Administrator in PowerPivot in SharePoint BI services
- The Managed Metadata Service or Connection is currently not available.
- HTTP Error 400 The size of the request headers is too long SharePoint Online Office 365
- FIXED SharePoint 2013 Setup Error AppFabric is not correctly configured
This SharePoint tutorial, we learned how to solve error HTTP 401.1 Access Denied in SharePoint 2013 or SharePoint 2016.
SharePoint Online FREE Training
JOIN a FREE SharePoint Video Course (3 Part Video Series)