This afternoon, we were working on creating a new site in a SharePoint 2007 farm and ran across an issue I’ve not seen before. When we tried to open and navigate the site, we were prompted for Windows credentials (that was a good thing) but after entering the username and password, we received the following IE error:
You are not authorized to view this page.
You do not have permission to view this directory or page using the credentials that you supplied.
HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials.
Very strange indeed because the account has full control of the web application and is one of the site collection administrators for the site. After doing some quick research and not finding anything, I decided to just compare some of the settings for the IIS website to another site that is not having any issues. The sites are hosted on Windows 2003 servers with IIS 6.0. In viewing the IIS website properties, I noticed that "Enable HTTP Keep-Alives" was NOT selected although it was enabled for the other sites hosted on the same server.
What is an HTTP Keep-Alive and why would we need it? Per this Microsoft article, http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d7e13ea5-4350-497e-ba34-b25c0e9efd68.mspx?mfr=true: "Most Web browsers request that the server keep the client connection open while the server sends multiple elements (.htm files and .gif or .jpeg files) to the client. Keeping the client connection open in this way is referred to as an HTTP Keep-Alive. Keep-Alive is an HTTP specification that improves server performance. HTTP Keep-Alives are enabled by default."
I’m not certain why it was disabled (since it’s enabled by default) but after enabling HTTP Keep-Alives for the site, I was able to open and navigate the site with no issues.