SharePoint Central Admin — HTTP Error 401 — Unauthorized: Access is denied due to invalid credentials

Published in

Markus' Blog

2 min readMar 16, 2015

When accessing SharePoint Central Admin from a remote system, you will get a 401 Access Denied Message.

This strange behaviour occurs only when accessing SharePoint Central Admin Site from a remote system, when browsing it locally on the SharePoint Server hosting the Central Admin Site, it works.

On remote systems, IE would present a logon prompt — without any success of accessing the page.

There are numerous configuration issues to check

Check the AAA (Alternate Access Mappings) in Central Admin for the Central Admin Web Application
Check Authentication Providers and bindings in IIS
Disable the loopback check
Check Internet Explorer Settings for the Local Intranet Zone and Windows-integrated Authentication Settings
Check cached credentials on the client

The issue I am referring here in this post is related to Group Policy Settings (GPO), more precisely regarding the LAN Manager Authentication Level.

In my case the Central Admin Site uses the NTML authentication protocol (not Kerberos). Unfortunately the systems where the access to the Web Application was not working, had the GPO setting “Network security: Lan Manager authentication level” not configured.

Network security: Lan Manager authentication level

After changing that setting (to at least support NTLMv2) and reprocessing GPO (gpupdate.exe /force), SharePoint Central Admin Site was accessible again.

Further information:

Related:SharePoint Central Admin — HTTP Error 401 — Unauthorized 401 2 5 0 401 1 2148074254 0 401 1 2148074252 0

SharePoint Central Admin — HTTP Error 401 — Unauthorized: Access is denied due to invalid credentials

Written by Markus Kolbeck