RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
You may experience authentication issues browsing http://companyweb on SBS 2003 and SBS 2008 servers after installing the cumulative security update for Internet Explorer (
KB963027
(http://kbalertz.com/Feedback.aspx?kbNumber=963027)
) or Internet Explorer 8.0 or Windows Server 2008 Service Pack 2.
When you try to browse Companyweb, you will be prompted for authentication 3 times and eventually receive a blank page or 401.1. Your IIS logs will show your request failing with 401.1 Unauthorized.
You may also notice on SBS 2008 that the Exchange powershell command test-outlookwebservices will fail the test of the autodiscover URL with the the error code 401 Unauthorized. Use Method 3 in the resolution section to resolve the 401 Unauthorized error code in the test-outlookwebservices powershell command.
Note You may experience authentication issues browsing Internal Web site on Remote Web Workplace on SBS 2008 servers after installing the cumulative security update for Internet Explorer (963027) or Internet Explorer 8.0 or Windows Server 2008 Service Pack 2.
You can visit the http://companyweb instead after applying the resolution.
Please use one of the following resolutions depending on the version of SBS you are running.
SBS2003
On an SBS 2003 server this issue can be fixed by applying update KB961143.
Note You must have .NET Framework 2.0 installed before you apply this update.
SBS2008
Method 1
Apply SBS 2008 Update Rollup 2 (KB
960911
(http://kbalertz.com/Feedback.aspx?kbNumber=960911)
) or the latest available version of the SBS 2008 Update Rollup.
On an SBS 2008 server, this issue can be fixed by applying SBS 2008 Update Rollup 2 (KB
960911
(http://kbalertz.com/Feedback.aspx?kbNumber=960911)
). This update is now available on Microsoft Update and WSUS (must be approved by administrator).
In some cases, those resolutions may not resolve the issue. In those cases, we recommend users use the following steps to enable Kerberos authentication or specify the host names for NTLM authentication.
Method 2
Enable Negotiate (Kerberos) option for Sharepoint 3.0. To do this, follow these steps:
- Click Start, click Administrative Tools, click SharePoint 3.0 Central Administration, and then click Continue in the User Access Control dialog box.
- In the Authentication Providers page, click Application Management, and then click the "Authentication providers"Â on the Application Security tab.
- Check the Web Application, make sure the port is 987; otherwise change Web application to the URL which has the port 987.
- Click the "Default" zone, you will go to the Edit Authentication page.
- Check the Negotiate(Kerberos) option on the Integrated Windows Authentication tab.
- Click OK in the dialog which gives a warning that "You have chosed to use Kerberos with Integrated Windows authentication. Manual configuration steps by a domain administrator will be required if the application pool's security account is not the Network Service" and then click Save.
Method 3
Specify host names. To do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 - Right-click MSV1_0, point to New, and then click Multi-String Value.
- Type BackConnectionHostNames, and then press ENTER.
- Right-click BackConnectionHostNames, and then click Modify.
- In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
- For SBS 2003, you would enter Companyweb.
- For SBS 2008, you would enter the following list:
Companyweb Sites The FQDN that you entered when you ran the Internet Address Management Wizard, example remote.contoso.com.
- Quit Registry Editor, and then restart the IISAdmin service.
For steps to disable Loopback Chekcing and additional information see the following article in the Microsoft Knowledge Base:
896861
(http://kbalertz.com/Feedback.aspx?kbNumber=896861)
 You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or IIS 6
For additional information on troubleshooting 401 errors, see the following article in the Microsoft Knowledge Base:
907273
(http://kbalertz.com/Feedback.aspx?kbNumber=907273)
Troubleshooting HTTP 401 errors in IIS
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALSâ€) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.