Microsoft IIS web servers (which provide SharePoint services) define extended codes that give a more specific reason of the error:
Help for HTTP error 401: “Unauthorized”
This HTTP error usually1 appears in web browsers when the user has provided incorrect credentials when trying to access a web page.
Outline: Symptoms Cause What you can do about it Extra information Footnotes
Microsoft Windows Update reports HTTP 401 errors with error code 0x80244017 (hexadecimal 80244017).
Apache web servers report this as:
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.
Image from http://www.flickr.com/photos/apelad/
For a web server perspective on troubleshooting errors 401.1, 401.2 and 401.3, see
||The web server will announce this as “HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials”
||Logon failed due to server configuration
||Your web browser and the IIS server could not agree on an authentication protocol
The web server will announce this as “HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.”
||Unauthorized due to ACL on resource
||The server could authenticate you, but you do not have sufficient permission to access the content requested.
The web server will announce this as “HTTP Error 401.3 - Unauthorized: Access is denied due to an ACL set on the requested resource.”
See also Troubleshooting HTTP 401.3 errors with Process Monitor
||Authorization failed by filter
||Authorization failed by ISAPI/CGI application
Microsoft Knowledge Base article 907273: “Troubleshooting HTTP 401 errors in IIS”
Web browsers typically display this error the second time that it occurs for a request. Usually the first time that it occurs is when the browser attempts to access an object without specifying any credentials. After receiving a HTTP 401 Unauthorised response, it should then ask you for credentials of the type needed by the server, and will only display this error if the credentials that you supply are not correct.
Access to a web site may be restricted according to the address of the web browser that is attempting to access it (e.g. access to a corporate intranet site may be permitted from addresses that belong to that company, but access from other addresses may require authorization), so this error might be caused by the address of your computer.
What you can do about it
- Check the credentials that you supplied. Check your username for typographical errors, and check that you are using the correct capitalization for your password (e.g. check that the CapsLock setting on your keyboard is appropriate).
- Check the address for errors, as per HTTP 404 errors. It is possible that an error in the address has led you from a page that doesn't require authentication to one that does.
- Contact the website administrator, asking what might have caused the problem, e.g. your account may have been disabled because the password expired.
The HTTP 403 Forbidden error is similar in that it indicates that access is not permitted to certain content, but whereas HTTP 401 indicates that the user needs to supply correct credentials in order to access the content, HTTP 403 indicates that access is forbidden, even though the supplied credentials may be valid.
1 It also arises on the first attempt to access a web page that can only be accessed with the right credentials, but in that case usually the web browser asks the users for credentials and then supplies them to the web server.