Sharepoint Source - HTTP request is unauthorized with client authentication scheme ‘Ntlm’.

Mar 28, 2009 at 5:15 AM
Thankyou for building this.

I thought this would be really helpful and tried using it but below is the error we are getting in the SharePoint Source.

The HTTP request is unauthorized with client authentication schemeNtlm’. The authentication header received from the server was ‘NTLM’ -->System.Net.WebException; The remote server returned an error:(401) Unauthorized.

Can you please help us getting rid of this use the utility.

Thank you,
Mar 30, 2009 at 5:03 AM
Edited Mar 30, 2009 at 5:06 AM
I've heard of one case of this in regards to using it with a site with a custom site header . Try using a server+port. This confuses me a bit since I have it deployed in production and test with a site that uses a host header, but maybe if someone has some tips or advice on how to fix this i could resolve it for everyone.
Mar 31, 2009 at 5:19 PM

I had the same problem when I was trying to access a different server on a different network in a different domain that needed other credentials than the machine I was working on. Additionally, the connection was "https".
After modifying the app.config and hardcoding custom credentials, it worked for me. It would be great, if there was a way to configure the credentials at the same place as where all the other list values get configured.

In regards,

May 19, 2009 at 6:14 PM
Edited May 19, 2009 at 6:14 PM


I found the steps in the article below to resolve my issues with "The HTTP request is unauthorized with client authentication schemeNtlm’", while running the package as a scheduled job in SQL Server. I hope this helps.



Sep 28, 2009 at 4:29 PM


I encounter the same problem as Gulrez. When designing a DTSX package in BIDS and adding a "Sharepoint List Source" component, here is the issue : if siteUrl property is the server name + port, it works fine. But if siteUrl property is a host header (+ port), it fails with the error : HTTP request is unauthorized with client authentication scheme ‘Ntlm’...

BIDS and the two WSS sites are on the same server, there is no cross-domain problematic. I'm ready to help you if you need me to do additionnal testings, send logs, etc...



Sep 29, 2009 at 5:35 AM

I'm glad there is a workaround for now :)  If someone knows what I'm configuring incorrectly with the WCF Client, I'd be happy to make the change.

As for the credentials, that is a popular request, I am unable to do that at this time, but if someone wants to put that in there (connection manager, etc), it might be useful.

In the scenarios I work, we use NTLM security and do not put usernames/passwords in the package, so we have SQL Agent run the package using a SQL Credential/Proxy (username/password) which executes the whole package in that user's context.  This way the databases and other connections are all running a service account we can add to the necessary groups and so on.  That is our practice, perhaps it may work for yours.

For some, embedding the name/password is desired, and I would be happy to add the code if someone wants to jump on it.



Dec 1, 2011 at 10:39 PM

I know this is an old post, but we're seeing this same behavior:  we get a 401 error when we go to the Sharepoint server using a (load balanced) cname.  Because we don't have our AAM set up in Sharepoint to use anything but the one host header, we can work around this problem by editing the hosts file on the SSIS server, such that the host header resolves to a single server in the Sharepoint farm.  

When we do that, the 401 error disappears, even though we've not changed anything else.  This makes little sense to me, but I'm a DBA rather than a programmer, so I don't really get most of what's happening behind the scenes.

We can replicate this at will, so if I can help with troubleshooting, I'd be pleased to do so.

Error, FWIW, is:

Description: System.ServiceModel.Security.MessageSecurityException: The HTTPrequest is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.

Thanks!  -Lane

Dec 21, 2011 at 5:49 PM

Thanks for the offer Lane, perhaps in a few weeks if you're still available for this, I'll take you up on that :)

Dec 22, 2011 at 3:20 PM

I found there are some new articles which talk about this with some potential things I can do.  This is more a note for me, as I cannot do this right now:

I'll try to add this in after the new year, and maybe contact you for a test run.

     <endpoint address="http://sczc0019gk5/WebApplication1/Service1.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1" contract="WcfProxy.IService1" name="BasicHttpBinding_IService1">
       <servicePrincipalName value=""/>

May 23, 2012 at 7:19 PM

Heh.  I ran across this problem again today, as the local SSL cert for the server behind the load balancer expired over the weekend, so our packages are dying.  It's a curious thing.  If you've got some time to look at it, we'd be pleased to help!  Likewise, if there's something we're doing incorrectly or could be doing differently, we'd like to fix that.

Thanks for making such a tremendously useful product; it's a serious lifesaver.