401 Unauthorized

If you ever configured server-based authentication with Dynamics 365 Online and SharePoint On-Premises, chances are you have seen the infamous Failed Authentication – 401 Unauthorized Error when you run the “Enable Server-Based SharePoint Integration” wizard in Dynamics 365.

Failed Authentication - 401 Unauthorised Error

I have seen this error many times and in this article I have listed some of the root causes for the error.

The official Microsoft documentation, which includes all the steps required to set up Dynamics 365 Online with SharePoint On-Premises, is below.

https://technet.microsoft.com/en-us/library/dn894709.aspx

Missing Hot Fixes

Make sure to check and double check if you have installed all the hot fixes mentioned in the official documentation.  In my case, the below hot fix was missing.

Hotfix KB2883081 for SharePoint Foundation 2013 August 12, 2014 (Sts-x-none.msp)
http://support2.microsoft.com/kb/2883081

Missing SQL Server Permissions

Provide db_owner access for the service account on the SharePoint content database associated with the SharePoint Web Application.

Office 365 Global Admin, SharePoint Farm Admin, and Dynamics 365 System Admin Access

The user account that runs the wizard must have the Office 365 Global Administrator role and the Dynamics 365 System Administrator role assigned, and must be a member of the SharePoint Farm Administrators group.

https://technet.microsoft.com/en-us/library/dn894709.aspx#perms

Missing App Principal Permission

The Dynamics 365 application must be granted permission to the specified SharePoint site collection.  Run the below PowerShell script.  Note: make sure to replace <sharepoint_base_url> and <sharepoint_site_collection_name> with your environment’s settings.

Once you run the command, check the link below to see whether the permission was created.

https://<sharepoint_base_url>/sites/<site_collection_name>/_layouts/15/appprincipals.aspx
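One way to grant the app principal permission described above, as an added example that is not the script from the original post. The `<...>` values are placeholders, the display name `crm` is a sample value, and `FullControl` is an assumed right; use whatever the official documentation specifies for your version.

```powershell
# Added example (not the original post's script).
# Run in the SharePoint Management Shell on a farm server as a Farm Administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholders: replace with your environment's settings.
$siteUrl        = "https://<sharepoint_base_url>/sites/<site_collection_name>"
# Assumption: the name identifier of the Dynamics 365 app principal, taken from
# your own server-based authentication setup. It is not given on this page.
$nameIdentifier = "<dynamics365_app_name_identifier>"
$displayName    = "crm"   # sample display name

# Stop immediately if the site collection URL is wrong, so that nothing is
# registered against an unintended web.
$site = Get-SPSite -Identity $siteUrl -ErrorAction Stop

# Register the Dynamics 365 app principal on the root web of the site collection.
Register-SPAppPrincipal -Site $site.RootWeb `
                        -NameIdentifier $nameIdentifier `
                        -DisplayName $displayName | Out-Null

# Read the principal back; a missing principal here means registration failed.
$app = Get-SPAppPrincipal -Site $site.RootWeb -NameIdentifier $nameIdentifier
if (-not $app) {
    throw "App principal '$nameIdentifier' was not found on $siteUrl"
}

# Grant the right at site collection scope only, so the app principal gets no
# access to other site collections in the farm.
Set-SPAppPrincipalPermission -AppPrincipal $app `
                             -Site $site.RootWeb `
                             -Scope SiteCollection `
                             -Right FullControl

# Show what was registered so it can be compared with appprincipals.aspx.
$app | Format-List
```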

Incorrect Alternate Access Mappings

Check the Alternate Access Mappings.  Make sure you have the two entries below for the given Web Application.  For example, if your public URL is contoso.com and the server name is dyn365apps01, then the settings should look like the below.

Dynamics 365 User’s SharePoint Email Field

Now, this one is optional.  In some cases I had to configure this and in other cases, I didn’t.  Different SharePoint and Dynamics 365 version combinations may be the reason.

In the Dynamics 365 System User entity, there’s a field called SharePoint Email Address.  This is usually not exposed and is empty.  Edit the User form, add the SharePoint Email Address field to the form, and Publish.  Populate the field with the same email address as the user’s SharePoint Work Email and click Save.

CRM 2016 On Premise claim based enabled & SharePoint 2013 On Premise with server-based authentication integration – 401 error

Finally, run IISRESET on the SharePoint server before running the “Enable Server-Based SharePoint Integration” wizard again.
