CRM 2011 – Multiple Prompts for Credentials (401 Unauthorized)

A client recently encountered an issue with their UAT server, which prompted users for credentials three times before displaying an HTTP 401 (Unauthorized) error whenever they tried to login to CRM. Note that this only occurred when trying to access CRM by referencing the server name directly in the URL, for example http://myserver/crm. We found that a temporary workaround was to ask users to access CRM via the server IP address, in which access was granted upon the first attempt.


The actual cause of the error was due to the SPN (Service Principle Name) entries for the CRM application service account. The SPNs for the UAT server referenced the fully qualified domain name of that server. For example:

http/myserver.frostys.local FROSTYS\CRM2011.service

To fix the issue, simple remove the SPN which references the FQDN of the server and replace it with the following:

http/myserver FROSTYS\CRM2011.service

Please note that it may take up to 15mins to take affect but you should be able to login to CRM without the 401 unauthorized error.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s