HTTP 401.1 Access Denied in SharePoint 2013/2016

This SharePoint tutorial we will discuss how to solve HTTP 401.1 Access Denied in SharePoint 2013/2016.

After we install the SP1 for SharePoint 2013 users were getting the error as “HTTP 401.1 Access Denied” for few site collections created which are created with:

  • Fully Qualified Domain Name (FQDN)
  • Sites with alternate access mappings
  • Sites created in Host header web applications
  • Host header site collections

The issue is when a user to access the site SharePoint is prompting for user credentials with no limit. When I started investigating this the end result is a 401.1 Access Denied from the web server and a logon failure in the event log.

HTTP 401.1 Access Denied in SharePoint 2013/2016

The tricky and baffling part is 401.1 is a common error code for incorrect credentials/access issues but it can’t happen in our case as the user has been accessing the site with business admin credentials.

HTTP error-codes:

You can check various HTTP error codes, https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

After long time research, we realized this is because of the new feature “loopbackcheck” got added as part of SP1 installation.

Below are the 2 methods to fix this issue:

  • Specify Host names (Preferred method, if authentication is NTLM)
  • Disable the loopback check (less-recommended method)

Note: Both these approaches involves registry changes so we must have administrator permissions to perform this.

Let us explore both procedures:

Specify host names:

In this approach, we are adding the Fully Qualified Domain Name of the application as Multi-string value key in the registry.

  • Start -> Run – > type regedit, and then click OK.
  • In Registry Editor navigate to the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  • Right-click MSV1_0, point to New, and then click Multi-String Value.
  • Type BackConnectionHostNames, and then press ENTER.
  • Right-click BackConnectionHostNames, and then click Modify.
  • In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK. Ex: intranet.mstechnology.com
  • Quit Registry Editor, and then restart the IISAdmin service.
HTTP 401.1 Access Denied in SharePoint
HTTP 401.1 Access Denied in SharePoint 2013

Disable the loopback check:

The second approach is to disable the loopback check by adding a new key DisableLoopbackCheck of type DWORD Value

  • Start -> Run – > type Regedit, and then click OK.
  • In Registry Editor navigate to the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  • Right-click Lsa, point to New and then click DWORD Value.
  • Type DisableLoopbackCheck, and then press ENTER.
  • Right-click DisableLoopbackCheck, and then click Modify.
  • In the Value data box, type 1, and then click OK.
  • Quit Registry Editor, and then restart your computer.
HTTP 401.1 Access Denied in SharePoint 2016
http error 401.1 - unauthorized access is denied sharepoint

Disable loopback using PowerShell

Below is the PowerShell command for disabling loopback:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -value "1" -PropertyType dword

You may like following SharePoint tutorials:

This SharePoint tutorial, we learned how to solve error HTTP 401.1 Access Denied in SharePoint 2013 or SharePoint 2016.

>