How to Fix SharePoint Error HTTP 401

An HTTP 401 (Unauthorized) error in SharePoint indicates that the web server rejected the user request because the authentication credentials provided are either invalid, expired, or missing. This error can manifest in web browsers, during OneDrive sync sync-ups, or inside Microsoft Office applications when connecting to site collections.

This guide outlines how to clear stored authentication states, update client credentials, and configure server identity providers.

Understand SharePoint HTTP 401 (Unauthorized)

The HTTP 401 error is commonly caused by:

1. Expired Tokens: Local OAuth 2.0 access tokens have expired, and the client failed to refresh them automatically.
2. Credential Conflicts: The OS Credential Manager is sending stale password profiles to SharePoint.
3. Mismatched Authentication Protocols: Modern authentication (ADAL/MSAL) is blocked or disabled on the tenant or local client machine.
4. IIS Configuration Issues (On-Premises): Mismatched Windows Authentication providers (NTLM vs. Kerberos) or disabled Anonymous access on subfolders.

Resolving SharePoint HTTP 401 Errors

Follow these steps to refresh your authentication tokens and resolve the error:

Step 1: Clear Cached Identity Credentials

Remove stored passwords and security identifiers from your operating system’s credential store.

:: Delete OneDrive cached entries from Windows Credential Manager
cmdkey /list | findstr /I "MicrosoftOffice" > %temp%\keys.txt
for /f "tokens=1,2*" %a in (%temp%\keys.txt) do cmdkey /delete:%c
del /q %temp%\keys.txt

# Clear macOS Microsoft identity cache files
rm -rf ~/Library/Group\ Containers/UBF8T346G9.Office/MicrosoftRegistrationDB.reg

Step 2: Flush Browser Access Tokens

If you see the 401 error in your web browser, clear the SharePoint cookie session.

1. Open your browser and navigate to the SharePoint page.
2. Click the Padlock icon in the address bar next to the URL.
3. Select Cookies and site data > Manage cookies and site data (or Site settings).
4. Click Remove All to delete the session cookies.
5. Close the browser, reopen it, and log back in.

Step 3: Verify Modern Authentication Policies

For SharePoint Online, modern authentication must be enabled.

# Connect to Microsoft Graph / Azure AD
Connect-MgGraph -Scopes "Organization.Read.All","Policy.ReadWrite.ApplicationConfiguration"

# Set Modern Auth active (ensure MSAL is supported)
# Connect to SharePoint Admin and verify Tenant settings:
Connect-SPOService -Url "https://yourcompany-admin.sharepoint.com"
Set-SPOTenant -LegacyAuthProtocolsEnabled $false

Step 4: Check IIS Authentication Settings (On-Premises Only)

For on-premises environments, verify that IIS is configured to allow the correct authentication protocols.

1. Open IIS Manager on the SharePoint server.
2. Under Sites, select the SharePoint Web Application.
3. Double-click the Authentication icon.
4. Verify that:
   • Windows Authentication is Enabled.
   • Anonymous Authentication is Disabled (unless explicitly required).
5. Click on Windows Authentication, and click Providers in the actions pane.
6. Ensure NTLM or Negotiate (Kerberos) is positioned at the top of the list according to your authentication strategy.

Summary Checklist

• Clear Windows Credential Manager entries or macOS Keychain logins.
• Log out and sign back in to the Office client application.
• Remove site-specific cookies using the browser’s security panel.
• Ensure Modern Authentication is enabled in the Microsoft 365 Admin Portal.
• On-Premises: Verify IIS Web Application Providers have NTLM or Negotiate enabled.