Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. FIX: You receive the error message "HTTP Error 401.1 - Unauthorized" sooner than expected when you try to log on to an IIS 7.0 Web site by using invalid credentials

FIX: You receive the error message "HTTP Error 401.1 - Unauthorized" sooner than expected when you try to log on to an IIS 7.0 Web site by using invalid credentials

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You have Internet Information Services (IIS) 7.0 or 7.5 installed on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.
  • You configure authentication settings for a Web site in IIS to only use Basic authentication.
  • You apply an account lockout policy for Active Directory on this computer. Specifically, you specify nonzero value for the Account lockout threshold setting.
  • You try to log on to the Web site by using invalid credentials.
In this scenario, you receive the following error message sooner than expected:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
For example, you specify a value of "3" for the
Account lockout threshold setting. Then, you try to log on to the Web site two times by using invalid credentials. Then, you receive the following error message instead of receiving a third opportunity to supply correct credentials:
HTTP Error 401.1 - Unauthorized

You do not have permission to view this directory or page using the credentials that you supplied.

↑ Back to the top

Cause

The issue occurs because the authentication module that supports Basic authentication tries to log on two times for each unsuccessful logon. The basic authentication module first treats the logon credentials as having the Unicode encoding. When Windows rejects those credentials, the basic authentication module tries again by treating the credentials as having ASCII encoding. This causes two logon failures for each unsuccessful logon.

↑ Back to the top

Resolution

After you apply this hotfix, the basic authentication module compares the provided credentials in UTF-8 format and the format of the local code page. If there is no difference, the basic authentication module does not try to log on a second time for an unsuccessful logon.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

You must have IIS 7.0 installed to apply this hotfix. You must apply this hotfix on a computer that is running Windows Vista Service Pack 2 or Windows Server 2008 Service Pack 2. This fix is already included in Windows Server 2008 R2 Service Pack 1.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x86-based versions of Windows Vista and of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Authbas.dll7.0.6002.2235233,79202-Mar-201016:24x86
For all supported x64-based versions of Windows Vista and of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Authbas.dll7.0.6002.2235239,42402-Mar-201016:19x64
For all supported IA-64-based versions of Windows Server 2008
File nameFile versionFile sizeDateTimePlatform
Authbas.dll7.0.6002.2235281,92002-Mar-201016:09IA-64

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

Steps to reproduce the problem

On a computer that is running IIS 7.0 or 7.5, you can follow these steps to reproduce the problem:  
  1. Create a Web site in IIS Manager and only enable Basic authentication for this Web site.
  2. Enable the Account Logon Failure auditing policy on the computer.
  3. Log on to the Web site by using invalid credentials.
  4. Open the Security logs by using Event Viewer. You can find two entries that have the following error message:
    An account failed to log on
For more information about how to configure account lockout policies, visit the following Microsoft Web site:
AD DS: Fine-grained password policies
For more information about how to configure basic authentication, visit the following Microsoft Web site:
Configure basic authentication (IIS 7)

↑ Back to the top

Additional file information

Additional File information Windows Server 2008 and Windows Vista

Additional file information for all supported x86-based versions of Windows Server 2008 and Windows Vista
File nameUpdate.mum
File version
File size2,540
Date (UTC)03-Mar-2010
Time (UTC)01:58
File nameX86_d468d9a71cd2146ec54dcae3085c6a5b_31bf3856ad364e35_6.0.6002.22352_none_1f53e6a6bb6cd996.manifest
File version
File size719
Date (UTC)03-Mar-2010
Time (UTC)01:58
File nameX86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22352_none_a20633fa31e23563.manifest
File version
File size4,960
Date (UTC)02-Mar-2010
Time (UTC)18:11
Additional file information for all supported x64-based versions of Windows Server 2008 and Windows Vista
File nameAmd64_8ddaf1684e365943a9fc3c89dc188acb_31bf3856ad364e35_6.0.6002.22352_none_2cb3444cc3438b76.manifest
File version
File size1,088
Date (UTC)03-Mar-2010
Time (UTC)01:58
File nameAmd64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22352_none_fe24cf7dea3fa699.manifest
File version
File size4,974
Date (UTC)02-Mar-2010
Time (UTC)18:04
File nameUpdate.mum
File version
File size2,558
Date (UTC)03-Mar-2010
Time (UTC)01:58
File nameWow64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22352_none_087979d01ea06894.manifest
File version
File size3,655
Date (UTC)02-Mar-2010
Time (UTC)18:02
Additional file information for all supported IA-64-based versions of Windows Server 2008 and Windows Vista
File nameIa64_33e0486a74d8c786d71fd00ff3bd5bb3_31bf3856ad364e35_6.0.6002.22352_none_c6ce476140526599.manifest
File version
File size1,086
Date (UTC)03-Mar-2010
Time (UTC)01:58
File nameIa64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22352_none_a207d7f031e03e5f.manifest
File version
File size4,967
Date (UTC)02-Mar-2010
Time (UTC)17:43
File nameUpdate.mum
File version
File size1,412
Date (UTC)03-Mar-2010
Time (UTC)01:58
File nameWow64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22352_none_087979d01ea06894.manifest
File version
File size3,655
Date (UTC)02-Mar-2010
Time (UTC)18:02

↑ Back to the top

Keywords: kb, kbsurveynew, kbpubtypekc, kbqfe, kbhotfixserver, kbexpertiseadvanced, kbautohotfix

↑ Back to the top

Article Info
Article ID : 981280
Revision : 2
Created on : 9/18/2018
Published on : 9/18/2018
Exists online : False
Views : 208