none
The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. RRS feed

  • Question

  • I'm trying to debug some code a vendor built for us. We're encountering an error that appears to be rather common but none of the fixes I've found seems to do the trick. Here's the error:

    System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory) at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding) at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    This is a C# .net 4.5 console app that utilizes Project Server's PSI. There may have been some back-end network change that we are not privy to that lead to this error occurring. This code used to work without error.

    Things I've tried:

    1. Looback check disable and whitelist.
    2. Verifying AppPool accounts are local admins on the servers.
    3. Validating NTLM is actually enabled on the web site.
    4. Rebooting both the WFE and APP servers.
    5. Installing all of the latest SharePoint, .Net, Project Server and Windows Updates.
    6. I've run some WCF tracing but the above exception is all I seem to be able to get out of it.

    Any help would be much appreciated.

    Thursday, March 31, 2016 9:36 PM

All replies

  • Hello,

    >>The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'

    I also met the above error information some days ago, I solved it by using my Computer name or Fully Qualified Computer name instead of the IP address for the WCF service as following: http://YourComputerName:YourPortNumber/Service1.svc .

    If my solution does not work for you, please try to check the following similar threads:
    http://stackoverflow.com/questions/2608887/sharepoint-web-services-the-http-request-is-unauthorized-with-client-authenti .

    http://stackoverflow.com/questions/4919912/the-http-request-is-unauthorized-with-client-authentication-scheme-ntlm .

    Thanks for your understanding.


    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.



    Friday, April 1, 2016 10:58 AM
    Moderator
  • Unfortunately I've tried most of these suggestions. We didn't touch the code at all so it doesn't make sense that a code change should be necessary unless a SharePoint or Windows update shut down a previously valid authentication method.

    Is it possible something in the binding was deprecated?

    <binding name="CustomBinding_Project">
    <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport" requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
    <localClientSettings detectReplays="false" />
    <localServiceSettings detectReplays="false" />
    </security>
    <textMessageEncoding />
    <httpsTransport />
    </binding>

    Wednesday, April 13, 2016 10:42 PM
  • Hello,

    Could you please show all your service and client config file in here? I want to check some information from your config file.

    Thanks for your understanding.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, April 15, 2016 4:39 AM
    Moderator
  • Here's the full content:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
        <startup> 
            <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
        </startup>
        <system.serviceModel>
            <bindings>
                <customBinding>
                    <binding name="CustomBinding_Project">
                        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                            requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                            <localClientSettings detectReplays="false" />
                            <localServiceSettings detectReplays="false" />
                        </security>
                        <textMessageEncoding />
                        <httpsTransport />
                    </binding>
                    <binding name="CustomBinding_Project1">
                        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                            requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                            <localClientSettings detectReplays="false" />
                            <localServiceSettings detectReplays="false" />
                        </security>
                        <textMessageEncoding />
                        <httpsTransport />
                    </binding>
                    <binding name="CustomBinding_QueueSystem">
                        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                            requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                            <localClientSettings detectReplays="false" />
                            <localServiceSettings detectReplays="false" />
                        </security>
                        <textMessageEncoding />
                        <httpsTransport />
                    </binding>
                    <binding name="CustomBinding_QueueSystem1">
                        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                            requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                            <localClientSettings detectReplays="false" />
                            <localServiceSettings detectReplays="false" />
                        </security>
                        <textMessageEncoding />
                        <httpsTransport />
                    </binding>
                    <binding name="CustomBinding_Resource">
                        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                            requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                            <localClientSettings detectReplays="false" />
                            <localServiceSettings detectReplays="false" />
                        </security>
                        <textMessageEncoding />
                        <httpsTransport />
                    </binding>
                    <binding name="CustomBinding_Resource1">
                        <security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                            requireDerivedKeys="false" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                            <localClientSettings detectReplays="false" />
                            <localServiceSettings detectReplays="false" />
                        </security>
                        <textMessageEncoding />
                        <httpsTransport />
                    </binding>
                </customBinding>
            </bindings>
            <client>
                <endpoint address="https://SERVER-FQDN:32844/0797dbebc3c342fea5f06561d004d90e/PSI/Project.svc/secure"
                    binding="customBinding" bindingConfiguration="CustomBinding_Project"
                    contract="SvcProject.Project" name="CustomBinding_Project" />
                <endpoint address="http://SERVER-FQDN:32843/0797dbebc3c342fea5f06561d004d90e/PSI/Project.svc"
                    binding="customBinding" bindingConfiguration="CustomBinding_Project1"
                    contract="SvcProject.Project" name="CustomBinding_Project1" />
                <endpoint address="https://SERVER-FQDN:32844/0797dbebc3c342fea5f06561d004d90e/PSI/QueueSystem.svc/secure"
                    binding="customBinding" bindingConfiguration="CustomBinding_QueueSystem"
                    contract="SvcQueueSystem.QueueSystem" name="CustomBinding_QueueSystem" />
                <endpoint address="http://SERVER-FQDN:32843/0797dbebc3c342fea5f06561d004d90e/PSI/QueueSystem.svc"
                    binding="customBinding" bindingConfiguration="CustomBinding_QueueSystem1"
                    contract="SvcQueueSystem.QueueSystem" name="CustomBinding_QueueSystem1" />
                <endpoint address="https://SERVER-FQDN:32844/0797dbebc3c342fea5f06561d004d90e/PSI/Resource.svc/secure"
                    binding="customBinding" bindingConfiguration="CustomBinding_Resource"
                    contract="SvcResource.Resource" name="CustomBinding_Resource" />
                <endpoint address="http://SERVER-FQDN:32843/0797dbebc3c342fea5f06561d004d90e/PSI/Resource.svc"
                    binding="customBinding" bindingConfiguration="CustomBinding_Resource1"
                    contract="SvcResource.Resource" name="CustomBinding_Resource1" />
            </client>
        </system.serviceModel>
      <appSettings>
        <add key="LogPath" value="c:\path\" />
        <add key="LogEnabled" value="True" />
        <add key="SiteUrl" value="https://PPMURL/" />
        <add key="ConnectionString" value="Data Source=SQLSERVER; Integrated Security=true; Initial Catalog=DATABASENAME;Pooling=true;Min Pool Size=5;Max Pool Size=60;Connect Timeout=50;" />
        <add key="IntakeList" value="Intake" />
        <add key="IntakeApprovedRequestList" value="IntakeApprovedRequest" />
        <add key="MaxProjectNumber" value="9000" />
      </appSettings>
    </configuration>

    Friday, April 15, 2016 4:58 PM
  • Hello,

    Thanks for your cooperation.

    Your web.config should be correct and as you said maybe the back-end network change or any settings cause the exception. So I will recommend you use the fiddler to capture the network and analyze the request and response to see if it will give you some useful information.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, April 19, 2016 3:59 PM
    Moderator