After installing MSCEP, enter http://Server2008/certsrv/mscep_admin in the browser.
Enter correct user name and password in pop-up box. Windows 2008 keeps rejecting the correct user name and password. Browser displays error when clicked on cancel.

Have you checked under authentication in IIS?

Didn't worked either.

Hello,

Try to check the auth providers with this script in command prompt:

cscript adsutil.vbs get w3svc/WebSite/root/NTAuthenticationProviders

if you do not have NTLM, the add it with this script:

cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "NTLM"

Of course, you should change the website element to your custom one.

Maybe it solves your issue.

Regards,

Janos

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

• Proposed as answer by EugBer Thursday, May 27, 2010 6:43 PM

Hi jay-dubb, can't find that "Providers in "Windows Authentication" in IIS 7? I am using Windows 2008 Server.

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

You rock!  This totally fixed me!  Thank you for taking the time to post!

• Proposed as answer by Ctrunk514 Monday, January 07, 2013 9:53 PM

Hi jay-dubb, can't find that "Providers in "Windows Authentication" in IIS 7? I am using Windows 2008 Server.

Go to the site, click Authentication in the middle and then the middle frame has the authentication types.  Click on Windows Authentication and then Providers appears under actions in the right frame.

This must not apply to IIS 7.5 - there is no "Windows Authentication" item under "Authentication".  There is a Providers icon under ASP.net.  Is this what you mean?

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

That fixed me as well. Thank you very much for posting this. 

I'm running the Server 2008 IIS7 and can't find the Providers you talk about under the IIS Header. I do have a Providers in the ASP.NET.

 

The main problem is that I'm having a issue that the IP Address works with no problem, but the DNS name does not want to pass the credential through to the server.

I'm totally stuck on this problem.

Sniffles

Thanks for the suggestion about moving NTLM above Negotiate, jay-dubb - it was the cause of my problems, too, and so much time was wasted before I found the one page out of the first 40 Google results (this page) that identified it.

jdigap - I don't know if you found the answer to your problem (obviously it's some time ago now, but this being a public record of answers and all I figured I'd post suggestions for anyone else, too) - first you need to open the Authentication section. If you don't have a Windows Authentication entry under there you need to go into the Server Manager Roles and use Add Role Service on the IIS entry to add  the Windows Authentication service. 

If Windows Authentication is listed, then you select the Windows Authentication option and over at the right hand side in IIS 7 there should be a Providers... link which you click to list the providers, and can change the order in there.

Thaks for the tip. This worked for me.

Worked like charm..

Amazing!!  This worked a treat for me too.

Unbelievable.  I would have never found this if it weren't for you.  Thanks!

Jay-dubb,

 

THANKYOU!

 

If I could send you a virtual beer I would...

 

I've lost so much time over that :(

I shared my wwwroot folder and I got this error message.  The only reason why I would do a share folder is so that I was able to update the sit via network.  Anyways been working on this issue for about 2 days.  Then I came across this form and it fixed my problem.  Thank you so much.  :)

Excellent! I wish it was always this simple instead of trolling through hundreds of meaningless posts by people second guessing. Thanks a lot!

None of the responses help me to solve the problem; here is how I solved it.

My Problem started when I shared the folder.

When I Enabled Windows Authentication It started giving me a Login Windows for User Name & Password, That was not desired by me so I disabled the Windows Authentication, in fact all of them expect the Anonymous Authentication, When Clicked “Edit“Anonymous Authentication it showed a user it was IUSR I gave full rights to IUSR for the subject folder and my website started working

 

• Proposed as answer by Strahan Friday, January 06, 2012 6:31 PM

I'm running the Server 2008 IIS7 and can't find the Providers you talk about under the IIS Header. I do have a Providers in the ASP.NET.

I am having the exact same issue. For the Action pane elements I only have advanced settings, no providers. I do also have a providers under asp.net that doesn't appear to be the same as the one for Windows Authentication.

Did anyone ever figure out how to edit the providers in Windows Authentication?

try this.. it worked for me in IIS7.

KB Article Link:  http://support.microsoft.com/kb/215383

Check the NTAuthenticationProviders IIS metabase property, if it is set to default “Negotiate,NTLM” .

C:\inetpub\AdminScripts>cscript adsutil.vbs get w3svc/NTAuthenticationProviders

Set NTAuthenticationProviders IIS metabase property to “NTLM”.

C:\inetpub\AdminScripts>cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

 

Great!!! That worked for me too.

I'm running Windows Server 2008 R2 and IIS 7.5.

 

I was receiving the same error and after messing around with it, this is what fixed it.

 

In IIS, select the website you're having the issue with.

In the IIS section, select 'Authentication'.

Right click on Anonymous Authentication and select 'Edit'

Check the 'Specified User' radio button and click on 'Set'

I entered my username, password and password confirmation and click ok.

 

This solved my problem and I hope it can help someone else.

Cheers!

 

For IIS 7.5, check out this article:

http://support.microsoft.com/kb/950100

Issue 3: Error message when you try to open the Microsoft Dynamics CRM 4.0 Web application:

"HTTP Error 401.2 – Unauthorized"

To work around this problem, enable the Windows Authentication role service in the Web Server (IIS) role.

I was not able to find providers in IIS 7, but the command line utility worked like a charm!!! Thank you!!!

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

You are a legend mate. Saved me heaps of headaches.

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

You rocked!!!! It really fixed the issue.

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Thank you so much! I faffed about for hours over this issue - I even thought about switching the providers out of desperation, but dismissed the idea for being too stupid!!!

This did it for me!  Good job with your post.

Thanks a million.. this works for me!

Thanks a lot that did it for me too. I spent days trying to figure this out.

Thanks a lot. This helped.

This worked for me, too! Thank you!

Great ! Who would believe that the order matters.

Worked for me, thanks!

I'm posting this so that if anyone having a similar issue to mine can solve their problem.

I too received the 401.2 Unauthorized error message. I had all of the correct features installed and configured on the web site and the virtual directory. Yet, I still received the 401.2 Unauthorized error message. We configured all of our anonymous access to use specific credentials in the applicationHost.config file of IIS. To solve the problem, I configured the application pool running the virtual directory to use the same credentials configured for anonymous access. I then went into the virtual directory, opened up the Authentication, and edited the Anonymous access credentials. In my case, the Specific User option was checked (it contained the name of the credentials we configured in applicationHost.config). I switched it to the Application pool identity option (the same credentials!) and the application started working.

I wish I could explain why this fixed the problem, but I'm completely baffled.

For IIS 7.5, check out this article:

http://support.microsoft.com/kb/950100

Issue 3: Error message when you try to open the Microsoft Dynamics CRM 4.0 Web application:

"HTTP Error 401.2 – Unauthorized"

To work around this problem, enable the Windows Authentication role service in the Web Server (IIS) role.

For IIS 7.5 you can enable it like this:

http://www.iis.net/ConfigReference/system.webServer/security/authentication/windowsAuthentication

Worked for me too.

Thank you so much!

We just need to go to the Authentication section for the particular website, edit the Anonymous Authentication, for specific user ISUR, click Set, enter username and password and all set to GO!

Thanks Naseer! That solved my problem.

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

This just saved me... thanks so much!

WOW!

Thanks jay-dubb!

This certainly set me in the right direction. I do not have Windows Authentication but under 'Anonymous Authentication' I changed this to authenticate to the IIS App Pool instead of IUSER.

Thanks again!

• Edited by Michael A Strauss Friday, January 20, 2012 5:37 PM

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Thank you for taking the time to post jay-dubb - Worked for me, on a 2 year old certserver!

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Thanks for this resolution. Worked on my environment of Server 2008R2 CA!

Just remember that this means that Kerberos will not be used, every user will now authenticate with NTLM insted of Kerberos. 
Also to configure Kerberos correct you have to set the correct SPN for the application pool the IIS site is running in. 

That makes perfect sense that bad credentials errors can be fixed in the authentication options. I tried Basic Authentication to see if I could log into my web page (actually it's my wife's - a redirect from a virtual directory in my website) using my admin username and password. Shockingly, the website wouldn't let me in. I checked out the folder permissions and they had changed on me (probably a Windows update). I gave everybody in the ACL read (and read/write) permissions and all of a sudden I could log in. I disabled Basic Authentication and went back to Anonymous Authentication and the page still came up without that nasty 401 error. BTW, I'm running IIS 7.5

I'm having the same problem.  Didn't have Windows Authentication so I added this role.  Now, when I select Authentication > Windows Authentication I don't have the 'Providers' option in the right hand pane.

Can anyone please tell me how to install/access the Providers so that I can change them?  I am using IIS7 on Windows Server 2008

jay-dubb, I could kiss you!  Thanks!

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

This fixed it for me when using windows authentication, thank you

Hi ,

Do you have to restart the IIS service for the effect to take action ?

• Proposed as answer by Teqnickel Wednesday, July 11, 2012 3:46 PM
• Unproposed as answer by Teqnickel Wednesday, July 11, 2012 3:46 PM

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

I know its an old thread but I just ran into this issue with scom 2012 and Jay-dubb's fix worked great.

Like a Charm!!

I know this thread is old so I *REALLY* hope you see this. I'm a programmer who was given a server and have never administered one before, so am figuring things out from scratch.

Your advice works, *BUT* I'm asked to log in before my web site shows up. I want *ANYONE* to be able to view the web site without having to log in. How can I fix that?

Go to IIS and expand sites, click on the site you want to administer ,disable forms/Windows authentication and enable Anonymous Authentication

oh  i forgot to type click on authentication on the right after you select the site

• Proposed as answer by SBolton Tuesday, October 23, 2012 8:42 PM

Hey jay-dubb,

Thanks it works like a charm. This thing drove me crazy for an hour or so.

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

This saved my time too :-)

• Proposed as answer by jkonline Thursday, September 20, 2012 3:46 PM

jay-dubb,

This worked for me, THANKS!!!

In my case the issue arose when I added MSCEP to my existing certificate services web enrollment.

Chris

Hi jay-dubb,

Thanks. Your steps worked out for me.

I am running CA role on a Windows Server 2008R2. The issue can be solved by adding the web server as a trusted site. I didn't try that.

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Thank You very much!

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Cool! Worked for me too. Thanks!!!

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Saved my butt. Thanks for posting!

Two and a half years later, this answer helped me too. Thanks.

For me I had a ups program that was running on port 80 and certsrv would not start. I set the service to a delayed start and I was good to go again.

I have no idea how you figured this out but I am glad you did. This saved us a ton of time. Thanks very much!

None of the responses help me to solve the problem; here is how I solved it.

My Problem started when I shared the folder.

When I Enabled Windows Authentication It started giving me a Login Windows for User Name & Password, That was not desired by me so I disabled the Windows Authentication, in fact all of them expect the Anonymous Authentication, When Clicked EditAnonymous Authentication it showed a user it was IUSR I gave full rights to IUSR for the subject folder and my website started working

 

Setting the user in this edit menu to "Application pool identity" worked for me.

Hello Jay

This worked like a charm!! However, need help in understanding a point here. When we are accessing the web application with the ip address, application shows up. However, when we use the DNS name, we are seeing this error which got fixed after changing the Providers to NTLM under windows authentication. Why is this behaviour? 

Thanks,
Pavan

Thanks, it worked!

I was having trouble accessing the Certificate Services web site (Certsrv) in Windows Server 2012, and changing the order of the Windows authentication providers did the trick.

Thanks!

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

I was looking for this solution for a long time!! Thanks a lot!! 

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

Thanks for posting this, you've saved me too :)

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

worked for me as well. thanks very much!

Took me a good 2 days to figure out, but I was getting "401 - Unauthorized: Access is denied due to invalid credentials." as well when I tried to access the webserver from itself. I could browse to it from any other computer and type in the user/pass without error, but it would not let me browse to it from within the webserver.

After 2 days of troubleshooting (trying all the solutions in this thread), my solution was to add a Reg key called DisableLoopbackCheck.

Here's the MS KB article:

http://support.microsoft.com/kb/896861

Very silly that you'd need a reg key for this to work.. But hey, at least we finally figured it out! Hope this helps someone else in the future.

This issue suddenly popped up one fine day..Fortunately I was able to easily fix this moving NTLM to top. Mine IIS was 7.5 in WIN Server 2008 R2..

Thanks a lot...

I had this problem before.

I suggest double checking that you have authentication rules set in place (I am using IIS 8):

1. Go to IIS manager
2. Select your desired website
   
3. Select the Authentication Rules feature
4. Along the left hand side in the Actions pane select Add Allow Rule
5. Select Anonymous Users and click OK

Whola!  I hope this helps some of you :)

Peter

To whoever this may help, this saved my life...

IIS 7 was difficult for figuring out why i was getting the 401 - Unauthorized: Access is denied due to invalid credentials... until i did this...

1.) Open iis and select the website that is causing the 401

2.) Open the "Authentication" property under the "IIS" header

3.) Click the "Windows Authentication" item and click "Providers"

4.) For me the issue was that Negotiate was above NTLM. I assume that there was some kind of handshake going on behind the scenes, but i was never really authenticated. I moved the NTLM to the top most spot, and BAM that fixed it.

**********************************************

This worked for me.  You Rock!

Hey Jay-Dubb

Your fixed worked!!! I have been trying to resolve this for some time and would have never gone into those settings if I had not seen this article.

You are also a lifesaver!!!  It's people you who contribute to technical resolutions that should get a pat on the back.

I signed up here just to reply to this article as it was worth the signup to thank you.

If we all contribute, life would be much much easier for admins and IT people alike!!  Keep it up!.

M

Right click on Anonymous Authentication and select 'Edit' check "Application pool"

I had the same issue on IIS 8 and Windows Server 2012.

I shared the root folder that contained all my websites so I could access the files (to publish updates) over the network.  As soon as I shared the folder it removed the "read" access from "servername\users". (servername = the name of your server then \users).

I followed the steps to add the windows authentication, but it didn't fix my issue.  Re-adding the servername\users to the security tab instantly fixed my issues.  Sharing had removed it.

To do this, right click the root folder where your website resides (in my case C:\websites\abc.com) I right click "websites" click properties, go to the security tab, click "edit" under the "Group or usernames:" box.  Click "add" and type in "users" click ok.  Done.  The "read" permissions are already set.

Hope this helps someone.

You are the best. This fixed the issue.

Bang on solution. This fixed my issue. Thanks a ton.