MORE INFORMATION

The proxy configuration utility allows you to configure WinHTTP proxy settings that are required by the ServerXMLHTTP object. This object relies on WinHTTP to establish server-to-server HTTP connections. When you use ServerXMLHTTP code to execute HTTP operations against a Web site, you often receive the 401 - Access Denied HTTP error message when one of the following two conditions is true:

• Proxycfg.exe was not executed to correctly set the proxy settings that are required by ServerXMLHTTP.
• Microsoft Internet Information Server (IIS) was not restarted after Proxycfg.exe was run to specify the proxy settings required by ServerXMLHTTP.

For additional information on downloading and using the Proxycfg.exe utility to configure the WinHTTP settings required by ServerXMLHTTP in an environment that uses a proxy server, click the article number below to view the article in the Microsoft Knowledge Base:

When you use MSXML 3.0, if Proxycfg.exe has not been run, the ServerXMLHTTP object defaults to accessing sites directly. This is the equivalent to running the proxycfg -d setting, which configures WinHTTP to use a non-proxy setup. In MSXML 3.0, ServerXMLHTTP requires Proxycfg.exe to be run even when there is no proxy server or, more specifically, where the process does not have write permissions to the registry (this is typically the case for the IWAM_machinename user account under which out-of-process ASP applications run).

The 401-Access Denied HTTP error may also occur under the following conditions:

• There is no proxy server.
• You are trying to access a site that is configured to use Integrated Windows authentication.
• A Valid NT User ID and password are not supplied in the call to the Open method of the ServerXMLHTTP Object.
• The logged on user (that is, the user under whose credentials the ServerXMLHTTP object code is executing) does not have the required access permissions to execute the requested HTTP operation.

Usually, by setting a proxy and bypass list, the ServerXMLHTTP object automatically handles the authentication so that you do not have to supply credentials in the Open method call. The ServerXMLHTTP only performs this automatic logon if it sees that the target server is on the same intranet domain as the client. The heuristic that the ServerXMLHTTP uses to make this determination is comprised of the following checks:

1. Is a proxy server set?
2. Can the proxy server be bypassed for the particular Web server to which the request is sent?

If the answer to both of these questions is "yes", ServerXMLHTTP attempts to authenticate automatically, and the script code does not need to specify a username and password explicitly in the call to the Open method.

The following Knowledge Base article describes settings that can correct the problem if the environment uses a proxy server:

NOTE: If the environment does not use a proxy server, the settings that are described in the above article will not fix the problem that is described in the "Symptoms" section.

If you want to use the ServerXMLHTTP auto logon feature in an environment that does not use a proxy server (to access a site that is configured to use Integrated Windows authentication), you should set the Proxycfg setting using a command identical to the following. Include the name(s) of the Intranet IIS Servers against which you wish to execute HTTP operations using the ServerXMLHTTP object in the semicolon (;) separated proxy bypass list:

proxycfg -d -p "<local>" "< ; separated list of servers to bypass using a proxy>" 

Because Proxycfg writes to the registry, you must restart the IIS Admin Service and the W3C Service for the Proxycfg settings to take effect.

Alternatively, explicitly supplying the NT username and password in the call to the Open method of the ServerXMLHTTP object as shown in the following example also fixes the problem:

SXH.Open "GET", MyUrl, false, "Valid NT UserName", "NT UserPassword"