When browsing an IIS web site using IP address, everything looks fine, But when using FQDN or Computer Name, you keep getting HTTP 401.1 or 401.3
You might encounter this kind of errors if you have the following environment
- IIS is running under an specificed Application Pool
- The Application Pool is using a domain user account or under a local user account
- The web site is configured using Integrated Windows Authentication only
When this error occurs, a Kerberos error entry will be logged under System Event with Event ID 4.
- If the application pool is running under a Domain Account
- Download SetSpn utility from here
- Install setspn utility
- Open command prompt and execute the following commands
setspn.exe -a http/IIS_computer's_NetBIOS_name DomainName\UserName
setspn.exe -a http/IIS_computer's_FQDN DomainName\UserName
Domain\UserName is the user account your Application Pool is running under.
- If the application pool is running under a Local Account
- Open command prompt
- Locate and change directory to where Absutil.vbs located, by default, should be C:\Inetpub\AdminScripts
- Execute the following command
cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
David Wang's Blog : Explain HTTP 401.X errors
Microsoft Support : How to resolve HTTP 401.1