Quite often, I have observed “401 – Unauthorized error” when I access any web service(GetRunningWorkflowTasksForCurrentUserForListItem, GetUserProfilebyName – I have tried with these 2 services) from my Info Path form.
My form used a web service “GetRunningWorkflowTasksForCurrentUserForListItem” to get information such as task id assigned to the current user. The form was working like a charm in my development machine. But the moment it was moved to the acceptance environment, gone it was…
I can tell you I had access to this SharePoint web service. I could access the direct URL (i.e. http://SiteCollectionURL/_vti_bin/NintexWorkflow/Workflow.asmx or http://SiteCollectionURL/_vti_bin/UserProfileService.asmx) in the browser. So why unauthorized??
Also, the error did not have any obvious pattern. Adding to my woes, it was irregular too…
This was driving me nuts…Ugh
Nevertheless, analysis led me to know that my Acceptance environment has two Web Front End Servers(WFEs), one App Server and a load balancer (the cause of my troubles here). (Unlike, my development server had one WFE and one App Server, no load balancer.)
How it all works here
So, when I load the form, my load balancer calls one of the 2 WFEs and opens up the form. However, when the web service call is made, the request is passed through the load balancer again, to one of the 2 WFEs. This is hopping twice and is known as double hop or alternate hop.
The point here was my credentials were not following an action on the 2nd hop. In this case, the first hop was from my machine to the ServerA to open the form and the 2nd hop was from ServerA through the Load Balancer to ServerB to call the web service. So my credentials were following the first server action. However, my credentials were not following the 2nd action: the web service call. Therefore, the web service call was Unauthorized and error-ed out.
Some advice from the colleagues and i got my solution… Thank God!!
The solution was to force all actions (for an instance the form is opened) to happen from one server only.
In other words, if ServerA opens the Info Path form, force other actions (say …calling the web service) to also run on ServerA. This can be done by opening ServerA’s host file and telling it to use its own IP address to open the site. So when the first action is routed through the load balancer to ServerA, any additional action will be forced to run on ServerA as well.
So I made the entries in my Host files and guess what?? My problem was solved.