Share via

Azure DevOps Server (on-prem), cannot get past "401 - Uh-oh, you do not have access."

Joseph Choi 5 Reputation points
2026-01-05T17:36:03.34+00:00

Apologies in advance for the lengthy question.

I am using Azure DevOps Server on a local server (VM).

Install and setup completes without any issues. I am able to setup repos and pipelines, add work items, everything is great.

Then after a few days, my account - which is admin - appears to get locked out and I am presented with "401 - Uh-oh, you do not have access."

This is the second attempt, I was unable to resolve this issue the first time it happened, so started all over on a second attempt. Now the issue has returned on the new, second install.

Strange thing is, I took a backup of the server at a point where everything was working. When I restore to this state, I am continuing to see the 401 unauthorized issue. So it appears my account is failing to authenticate against AD for devops. But I am able to access all other areas of my organization with my account. So the conclusion is devops is failing to recognize me at all.

So far I've tried recycling the application pool, resetting / reapplying service account in devops console, restarting server, restarting IIS. Nothing seems to work.

I can supply whatever else you may need to diagnose this issue.

Thank you in advance.

Azure DevOps

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dr. Chris Benner 5 Reputation points
    2026-02-25T12:33:17.1+00:00

    Your account, ********@xxx-xxx.eu is not authorized to view this page. Make sure the URL is correct and your account has access. View a list of your organizations here. You may request access by contacting the admin.

    Currently, the only thing that helps is detaching the Project Collection. After reattaching it, I add my user account back to the Project Collection Administrators group, and then it works again. However, this is not really “usable” with this error (and no, it is not due to AD or cache. Everything has already been checked thoroughly). The problem is that the permissions are suddenly gone (on the server).

    Was this answer helpful?

    2 people found this answer helpful.
  2. Joseph Choi 5 Reputation points
    2026-01-08T18:50:49.97+00:00

    Unfortunately none of the above does anything.

    Would it be possible to get in-person support? We are prepared to pay for services.

    Thank you.

    Was this answer helpful?

    0 comments
  3. Pravallika KV 15,630 Reputation points Microsoft External Staff Moderator
    2026-01-06T06:43:22.45+00:00

    Hi @Joseph Choi ,

    Thanks for reaching out to Microsoft Q&A.

    "401 - Uh-oh, you do not have access" error.

    Below are some troubleshooting steps that might help you resolve this error.

    1. Check User Access: First, verify that your account is still listed in the Azure DevOps organization's user directory. Sometimes accounts can inadvertently be removed or experience permission issues.
    2. Correct Account Type: Make sure you're signing in with the correct User Principal Name (UPN). If you have multiple accounts (work and personal) using the same email, it’s essential to use the UPN that's associated with your Azure DevOps account, for example, ******@contoso.com instead of an alias.
    3. Permissions for Projects: Even if you are an admin, check that you still have the necessary permissions for accessing specific projects or resources. Permissions can vary by resource, and it’s possible your account lost some permissions.
    4. Sign Out and Clear Credentials: Try completely signing out of Azure DevOps, clearing your browser cookies, and signing back in. You can do this using Incognito or InPrivate mode in your browser.
    5. Re-evaluate your Permissions: If recent changes were made to your security group membership or other settings, have you prompted a re-evaluation of your permissions? You can do this within the user settings.
    6. Potential AD Issues: Since you mentioned Active Directory (AD), ensure that any group policies or conditional access policies associated with your account or organization are not interfering. Sometimes, issues can arise due to security policies enacted by your organization.
    7. Check Application Pool: Since you've already recycled the application pool and restarted IIS, if you can, check the server logs for any indicators why the application may not recognize your account properly.

    Here's a reference list linking to relevant documentation that might be helpful:

    I hope this helps!

    Was this answer helpful?

    0 comments
  4. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  5. Jerald Felix 11,555 Reputation points Volunteer Moderator
    2026-01-06T01:04:19.5033333+00:00

    Hello Joseph Choi,

    Thanks for raising this question in the Q&A forum! 401 Unauthorized in Azure DevOps Server (on-premise) typically stems from incorrect PAT encoding, insufficient permissions, or authentication method mismatches. On-premise servers require Basic Auth with Base64-encoded PAT (not plain PAT).​

    Quick Fix: Correct PAT Encoding

    Azure DevOps Server requires PAT prepended with colon before Base64 encoding:

    python
import

    Common 401 Causes & Fixes

    Issue Solution
    Missing colon prefix Encode :{PAT} not just {PAT}
    -------- --------
    Missing colon prefix Encode :{PAT} not just {PAT}
    Wrong auth type Use Basic not Bearer
    Insufficient PAT scopes Regenerate PAT with required permissions ​
    Organization-level API Requires Project Collection Admin role​
    Cached credentials Clear browser cache/use incognito

    Verify PAT Permissions

    On-premise Server PAT creation:​

    Server URL → User SettingsSecurityPersonal access tokens

    Click New Token

    Select required scopes (Code: Read/Write, Work Items: Read/Write)

    Set expiration (max 1 year for on-premise)

    Copy token immediately (shown only once)

    Test Authentication

    bash
# PowerShell - Windows

    bash
# curl - Linux/Mac

    On-Premise Specific Issues

    • IIS Authentication: Ensure Anonymous Authentication enabled in IIS for REST API endpoints​
    • Windows Auth conflict: Disable Windows Authentication if using PAT​
    • API version: Use api-version=6.0 or 5.0 for Server 2020/2019 (not 7.x)​
    • Collection path: Include /tfs/CollectionName/ in URL (not just /)​

    Debugging Steps

    Test PAT in browser: https://:{PAT}@your-server.com/tfs/DefaultCollection/_apis/projects

    Check server logs: C:\Program Files\Azure DevOps Server 2022\Application Tier\Web Services\_tfs_data\Logs

    Verify account: Navigate to https://your-server.com/tfs/_admin/_security

    1. Confirm collection access: User must be in Project Collection Valid Users

    Alternative: Alternate Authentication

    If PAT fails, use NTLM/Negotiate (Windows environments):​

    python
import

    If helpful, kindly accept the answer.

    Cheers,

    Jerald Felix

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.