SharePoint Server 2016 Web App - 401 Unauthorized

Question

I am running SharePoint Server 2016 with two servers: an application and database server. I have created a new web application and site collection (URL is http://mysite.local/sites/site1) in SharePoint Central Administration under Manage web applications->New Web Application. Visiting this URL in the browser prompts for a username and password. However, even after entering a valid domain account, the login prompt continues to prompt for credentials, after which a 401 unauthorized message is shown.

Below are some of the web app settings I added, related to the authentication:

• Host header: mysite.local
• Port: 80
• Allow Anonymous: No
• Enable Windows Authentication: Yes
• Integrated Windows authentication (NTLM): Yes
• Basic authentication: Yes
• Enable Forms Based Authentication: No
• URL: http://mysite.local:80

I have added a mapping of the SharePoint server's IP address to mysite.local in the SharePoint server's hosts file for testing purposes. I have also added my domain account as an admin of the site collection.

I have also found the below error messages related to authentication in IIS manager under Sites-> My SharePoint Site -> Authentication:

"Challenge-based and login redirect-based authentication cannot be used simultaneously"

"Your applications might fail due to your current authentication settings"

I am not sure why I am experiencing the above errors since I created the web app in SharePoint and did not make any changes in IIS manager.

EDIT:

SharePoint error logs:

I have checked the trace logs under the following path:

%CommonProgramFiles%\Microsoft Shared\Web Server Extensions\16\LOGS\

and found some more info regarding the 401 unauthorized message:

Claims Windows Sign-In: Sending 401 for request ' http://mysite.local/sites/site1' because the user is not authenticated and resource requires authentication.

Alternate Access Mappings:

An entry has automatically been added for AAM:

• Internal URL: http://mysite.local
• Zone: Default
• Public URL for Zone: http://mysite.local

Regarding if accessing SharePoint site worked before adding host header:

I did not try to add web app in SharePoint on port 80 without a host header, since I have another site in IIS running on port 80. However, I did try adding a web app in SharePoint on a different port (port 81) without a host header e.g. http://192.168.137.1:81 and authenticating to this site worked successfully.

Answer 1

After trying to access the URL from a local machine, it worked. It was previously showing 401 Unauthorized since the login was attempted on the SharePoint server.

Answer 2

You should read up on msdn on how to setup SharePoint server. Could be several issues related to 401 errors.

I would advise that you read:

https://technet.microsoft.com/en-us/library/cc262957(v=office.16).aspx

I would look at your accounts that you used to setup SharePoint so in the above link on the first table look at the second row.

I would also look at the error log in your application server it would be more specific why its throwing a 401 error that would help solve your issue if you dont mind posting it as an update to your question. If its to do with your service account: Make sure that the service account for the application pool has the correct permissions (find out more in the link above second row).

Also make sure that you have your AMM setup.

https://social.technet.microsoft.com/wiki/contents/articles/34761.sharepoint-2016-managing-alternate-access-mapping-using-powershell-real-world-example.aspx

before you changed the headder (when you created the web application and the site) did you test to see if the site worked? if it did then you need to sort out your alternate access mapping. If it didnt then its a service account issue.