SharePoint Central Admin — HTTP Error 401 — Unauthorized: Access is denied due to invalid credentials
When accessing SharePoint Central Admin from a remote system, you will get a 401 Access Denied Message.
This strange behaviour occurs only when accessing SharePoint Central Admin Site from a remote system, when browsing it locally on the SharePoint Server hosting the Central Admin Site, it works.
On remote systems, IE would present a logon prompt — without any success of accessing the page.
There are numerous configuration issues to check
- Check the AAA (Alternate Access Mappings) in Central Admin for the Central Admin Web Application
- Check Authentication Providers and bindings in IIS
- Disable the loopback check
- Check Internet Explorer Settings for the Local Intranet Zone and Windows-integrated Authentication Settings
- Check cached credentials on the client
The issue I am referring here in this post is related to Group Policy Settings (GPO), more precisely regarding the LAN Manager Authentication Level.
In my case the Central Admin Site uses the NTML authentication protocol (not Kerberos). Unfortunately the systems where the access to the Web Application was not working, had the GPO setting “Network security: Lan Manager authentication level” not configured.
After changing that setting (to at least support NTLMv2) and reprocessing GPO (gpupdate.exe /force), SharePoint Central Admin Site was accessible again.
Further information:
- Client, service, and program issues can occur if you change security settings and user rights assignments
- DisableLoopbackCheck & SharePoint: What every admin and developer should know
- You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version
- You receive an “HTTP Error 401.1 — Unauthorized: Access is denied due to invalid credentials” error message when you try to access a Web site that is part of an IIS 6.0 application pool
- Configure alternate access mappings for SharePoint 2013
- Remove stored passwords, certificates, and other credentials
Related:SharePoint Central Admin — HTTP Error 401 — Unauthorized 401 2 5 0 401 1 2148074254 0 401 1 2148074252 0