401.1 Access Denied error in IIS 6.0 (w/NTLM)

If you ever find yourself with an IIS web site that suddenly stops accepting NTLM, make sure Keep Alive is on (web -> Properties -> Web Site -> Enable HTTP Keep-Alives). As it turns out, NTLM requires keep alive.

In retrospect it’s perfectly clear why keep alive is required, but it sure isn’t an obvious troubleshooting step. Also, if you have keep-alive turned off and then enable Integrated Windows Authentication, keep-alive won’t automatically turn itself on.

The result is that you are (depending on your browser) continually prompted for credentials or immediately redirected to a “HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials” error.

If keep alive doesn’t solve your problem, Google will tell you about this and this and this. I recommend you skip all that and get Authentication and Access Control Diagnostics 1.0 (x86), which is how I eventually figured out what was wrong (there’s an x64 version too).

As it turns out, there are a bazillion other reasons why IIS might respond with a 401 error.

Good luck.


  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: