SharePoint 2010 Web Services 401 Unauthorised Error from InfoPath Forms Services

This is an intermittent error that kept appearing when we deployed an InfoPath form that used the GetUserProfileByName method in order to retrieve default profile information of the current user. It’s an amazingly useful function that instantly personalises the form itself and means users don’t have to retype information into a form that SharePoint should just “know”.

The error viewed in the SharePoint logs was:
Data adapter failed during OnLoad: The remote server returned an error: (401) Unauthorized.

and:
The following query failed: GetUserProfileByName (User: , Form Name: , … Type: DataAdapterException, Exception Message: The remote server returned an error: (401) Unauthorized. The remote server returned an error: (401) Unauthorized.)

Our setup is a two-node web-front-end SharePoint environment and we are using DNS round-robin load-balancing (I know it’s not “real” load-balancing but our hardware load balancers aren’t installed yet!). The point being that we have two web servers.

This issue occurs because of double-hop authentication. If you have two servers in your load-balancer and requests are not homed to the same server (i.e. instead of server1 requesting a web service from itself, it contacts server2 instead) then it is unable to pass your user credentials on to the other server. If you force the server to talk to “itself”, then it is able to use your credentials successfully and return the results from the web service.

The obvious solution is to fix load-balancing, but a workaround is to use the hosts file located at (NOTE no file extension on this file!):

c:\windows\system32\drivers\etc\hosts.

and add an entry on each server pointing to itself. For example, if you have two web servers, Server1 on 192.168.0.10 and Server2 on 192.168.0.11 your host file entry on Server1 would be:

192.168.0.10 your.sharepoint.address

and on Server2:

192.168.0.11 your.sharepoint.address

When each server makes a request to your.sharepoint.address, it will use the hosts file entry *first*, and always visit the correct IP address.

WARNING: Using the hosts. file in this way is supported by Microsoft, but can create issues for maintenance. Consider the case where you need to change the IP address for your server(s). You would need to ensure that the hosts file is also update to reflect the changes.