Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

‘http error 401.3 – unauthorized’ in IIS – How to resolve.

by | May 26, 2021

Wondering how to resolve ‘http error 401.3 – unauthorized’ in IIS? We can help you.

This error appears when the user account under which the IIS service runs does not have the required permissions to access and serve web server content.

Here at Bobcares, we handle requests from our customers using Windows servers to fix similar issues as a part of Server Management Services.

Today, let’s see how our Support Engineers fix this.

What causes the error ‘http error 401.3 – unauthorized’ in IIS?


At times while accessing sites users see the error as shown below:

http error 401.3 – unauthorized iis

Today, let us see some of the causes for the error.

  • Firstly, the user authenticated by the Web server does not have permission to open the file on the file system.
  • If the resource is located on a Universal Naming Convention (UNC) share, the authenticated user may not have sufficient share and NTFS permissions, or the permissions on the share may not match the permissions on the physical path.
  • The file is encrypted.


How can we resolve the error ‘http error 401.3 – unauthorized’ in IIS?


Today, let us see the steps followed by our Support Techs to resolve the error ‘http error 401.3 – unauthorized’

Verify whether or not Anonymous Authentication is enable.

1. Firstly, open Windows Server Manager and expand the Roles.

2. Then, expand the Web Server (IIS) tree and highlight the Internet Information Services (IIS) Manager.

3. Then, expand the server name and select Webtrends Marketing Lab.

4. Under the IIS section to the right, open Authentication.

5. Finally, verify Anonymous Authentication’s status is set to Enable.

Assuming Anonymous Authentication is Enable and the error message persists, edit the Anonymous Authentication setting.

The default anonymous user identity should be the IUSR account, which should have access to the web server content.

If restrictions on this account prevent it from displaying this content then rights must be assign to enable functionality. Alternatively, selecting the “Set…” button will allow use of a different account, such as the Webtrends service account, though this will also require the same rights as the IUSR account.

An additional option is to select the Application pool identity which uses the Network Service account, but this will also grant anonymous users access to all internal network locations

To assign access rights, add the chosen account to the IIS_IUSRS group under the Local Users and Groups option in the Computer Management console.

To effect the changes made above, Open the IIS Manager. Stop, then restart the IIS Manager (or run “iisreset” from a command line).


Alternative steps that we can try

  • Open Windows Explorer and check the ACLs for the file that is being requested. Make sure that the user accessing the Web site is not being explicitly denied access, and that they do have permission to open the file.
  • Open Windows Explorer and check the ACLs for the share and the physical path. Ensure that both ACLs allow the user to access the resource.
  • Open Windows Explorer and check the encryption properties for the file that is being requested. (This setting is located in the Advanced attribute properties dialog.)
  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests.


[Need help to fix this windows error? We’d be happy to assist]



Today, we saw the causes and solutions provided for the error ‘http error 401.3 – unauthorized’ in IIS by our Support Techs.



Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.


var google_conversion_label = "owonCMyG5nEQ0aD71QM";


Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center


Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]


Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid


Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie


These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.