401 Unauthorized error while calling a web service

I have already written about the 401 Unauthorized error earlier here. But I faced something else which I thought I should write to save someone else’s time.

Being the site collection administrator I didn’t expect this error, however when trying to access a web service from my site’s workflow I encountered it. Twice this has happened to me while moving my applications to the production server and I made it a point to write about it.

Background – My application has a Nintex workflow that uses the “Call Web Service” action. This action made a call to the copy.asmx web service. Worked all good until it was in my development and UAT machines. The moment I moved it to the live environment, it started throwing the 401 Unauthorized error. I ensured that the account accessing the web service has full control (also made it site collection administrator), still the error didn’t go.

On further investigation, when I tried opening the same web service in the browser from the server, it gave the same Unauthorized error. This cleared up the picture even more.

A bit of research and I found the reason behind it.
The .Net 3.5 framework introduces a loop-back problem that affects web service authentication in SharePoint. This issue doesn’t allow web services to be accessed by any mode (client/tool/server). Microsoft decided to introduce this, but unfortunately it breaks a number of different things in SharePoint.
Hence a registry entry has to be created in the web front end servers to resolve the loop back issue.

Implementation
Perform below steps on each of the SharePoint Web Front End Servers.

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

Refer to http://support.microsoft.com/kb/896861/en-us for more details

Restarting the server is mandatory to ensure that the changes are effective.

The same change can be tested by various ways:

  • Opening the web service directly on the browser in the server
  • Calling the web service from Nintex’s Call web service action and test the connection (the error should vanish now)
  • Calling the web service from an InfoPath form

And there you go… the error is gone!!

Advertisements

2 thoughts on “401 Unauthorized error while calling a web service

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s