“HTTP Error 401. The requested resource requires user authentication.” in IIS7
IIS 7 sites can be authenticated in “User mode” as well as “Kernel mode”. When we configure kerberos and use IIS 7 site in kernel mode authorization mode, SharePoint sites will give an error:
“HTTP Error 401. The requested resource requires user authentication.”
Take a look at the following article to understand how IIS7 authentication works.
http://learn.iis.net/page.aspx/101/introduction-to-iis7-architecture/#Application
RESOLUTION:
Disable the kernel mode authentication in IIS7.
You can disable Kernel-mode authentication by clicking Advanced Settings of the web site in IIS.
NOTE: As a best practice, you should not disable this setting if you use Kerberos authentication and a custom identity on the application pool.
But at this point, we do not have any alternative at this point. May be SP2 for Office Servers should provide a resolution for this.
http://support.microsoft.com/kb/968170
Hey Amol,
Nice to see a lot of good stuff written in your blog. Well, one quick though this post. The reason why this is failing in Kernal mode is we try to get the SPN using local system account instead of application pool identity. We have an option ensuring the application pool identity being used even in kernal mode. For this we need to set useAppPoolCredentials to true as shown below.
</system.webServer
Sojesh
May 1, 2009 at 8:37 am