Http error 401.3 – unauthorized happens when the user account under which the IIS service runs does not have the required permissions to access and serve web server content.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related IIS queries.
What causes the error 'http error 401.3 – unauthorized' in IIS?
A few causes for the error includes:
- Firstly, the user authenticated by the Web server does not have permission to open the file on the file system.
- If the resource is located on a Universal Naming Convention (UNC) share, the authenticated user may not have sufficient share and NTFS permissions, or the permissions on the share may not match the permissions on the physical path.
- The file is encrypted.
How to fix the error 'http error 401.3 – unauthorized' in IIS?
Verify whether or not Anonymous Authentication is enable.
1. Firstly, open Windows Server Manager and expand the Roles.
2. Then, expand the Web Server (IIS) tree and highlight the Internet Information Services (IIS) Manager.
3. Then, expand the server name and select Webtrends Marketing Lab.
4. Under the IIS section to the right, open Authentication.
5. Finally, verify Anonymous Authentication’s status is set to Enable.
Assuming Anonymous Authentication is Enable and the error message persists, edit the Anonymous Authentication setting.
The default anonymous user identity should be the IUSR account, which should have access to the web server content.
If restrictions on this account prevent it from displaying this content then rights must be assign to enable functionality. Alternatively, selecting the "Set…" button will allow use of a different account, such as the Webtrends service account, though this will also require the same rights as the IUSR account.
An additional option is to select the Application pool identity which uses the Network Service account, but this will also grant anonymous users access to all internal network locations.
To assign access rights, add the chosen account to the IIS_IUSRS group under the Local Users and Groups option in the Computer Management console.
To effect the changes made above, Open the IIS Manager.
Stop, then restart the IIS Manager (or run "iisreset" from a command line).
You can also try the steps below:
- Open Windows Explorer and check the ACLs for the file that is being requested. Make sure that the user accessing the Web site is not being explicitly denied access, and that they do have permission to open the file.
- Open Windows Explorer and check the ACLs for the share and the physical path. Ensure that both ACLs allow the user to access the resource.
- Open Windows Explorer and check the encryption properties for the file that is being requested. (This setting is located in the Advanced attribute properties dialog.).
- Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests.