Claims Windows Sign-In: Sending 401 for request because the user is not authenticated

Question

I am trying to get Sharepoint 2013 workflows working.

I am able to create the workflows but they do not start.

They always ask for HTTP. I am not sure why.

Looking at ULS logs I get the following error:

Claims Windows Sign-In: Sending 401 for request because the user is not authenticated and resource requires authentication.

I'm kind of stuck because I think I've done all the steps.

Answer 1

Hi @ComputerHabit,

Thank you for posting in this community.

First, please check your browser settings first:

1. Add this site to "Trusted sites"

• Open IE browser >> Internet options
• On the "Internet Options" windows >> Security >> Trusted sites >> Sites
• On the "Trusted sites" panel, add the site URL and uncheck the "Require server verification Mode" checkbox

• Click Close, and then click "Custom Level".
• On the "Security Settings - Trusted Sites Zone" panel, scroll to the vety bottom and select "Automatic logon with current user name and password" option
• Click Ok and Apply.

2. Disable LoopBackCheck with PowerShell

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name “DisableLoopbackCheck” -value “1” -PropertyType dword  1. Add this site to "Trusted sites"

---

Second, SharePoint workflows are not enough. We give write permission to SharePoint workflows by default. Most probably this permission is not enough, you can refer to this article to give higher permissions to your workflows.

SharePoint Workflow Suspended with Unauthorized 401

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link. 

---

Third, SharePoint updates cause problems.

If you're using OAuth and SAML claims, make sure your SharePoint farm is updated to at least the March 2016 cumulative update. This update includes fixes for issues related to claims-based authentication.

Reference: "401 unauthorized" error when using OAuth and SAML claims

---

Fourth, Kerberos authentication was enabled and caused a 401 issue.

Please refer to this article for a solution: HTTP Error 401 – Not Authorized Error in SharePoint site with Kerberos Authentication Enabled .

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link. 

---

Finally, if the problem persists, please refer to this article for more detailed error logs regarding authentication failures. This will help us to better pinpoint the issues that are generating the problem.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

I think the issue was with the _layouts/15/appinv.aspx thing.

this was a migration from 2013 to subscription edition. I had to move the Workflows using a disaster recovery.

I deleted the 'app' in the site and then added it back.

Deactivate and activate again

Set app permissions kinda like this

I had done this. Then left thinking workflows were still broken. They started working overnight.
I'm not sure if there is some sort of timer job that needed to finish.