Error 401.1 appears when you localy browse a Web site that uses Integrated Authentication in IIS 6.0 - issues you should be aware when applying workaround.

When you use the fully qualified domain name (FQDN) or a custom host header to browse a local Web site that is hosted on a computer that is running Microsoft Internet Information Services (IIS) 5.1 or IIS 6, you receive an error message that resembles the following:

HTTP 401.1 - Unauthorized: Logon Failed

This issue occurs when the Web site uses Integrated Authentication and has a name that is mapped to the local loopback address. You only receive this error message if you try to browse the Web site directly on the server. If you browse the Web site from a client computer, the Web site works as expected.

There is workaround that might be used and is recommended (by MS) you don't have to restart your server when applying this one (just IISRESET is reccomeneded).
READ bellow to see possible issues that can occur if you apply this hotfix !!

MS states you have to do iisreset, BUT if you wait for some time - 15 min it will start working in some cases ( I know statement "It might work" is not so great but if the issue is not galaxy critical and you dont want to cause one by restarting iis during bussines hours, you can wait to see):

Specify host names

In Registry Editor add new Multi-String Value named BackConnectionHostNames in the string HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
as a value use your FQDN of Web site without "http://www." place one in separate row without any delimiter.

Second workaround is on http://support.microsoft.com/kb/896861

ATTENTION
when you use this method you HAVE to specify all the hostheaders/FQDNs you are accessing on the server as it will start throwing you Access denied on ones you have not specified and you have not faced the issue before (it will appear to END USERS , not just to you localy ) so that willcause several other issues.

Let say your application uses some external resources on that server and calls them as reaction on some action - edit page in CMS or some other custom application. If you don't specify also FQDN of that application/web your users might face unauthorised APPLICATION ERROR. It concretely happened to me with MCMS2002, where editors were not able to edit any pages until I havent disabled loopback check for URLs they were using. Immediately when they clicked on EDIT page application error occured.

Hope this will help somebody to avoid unneccessary problems..

KbNk;