"User has not been authenticated" error when you try to access a network drive that's mapped to a web share


Consider the following scenario on a Windows-based computer:
  • You map a network drive to a web share that requires user credentials.
  • You configure the drive to use the Reconnect at logon option.
  • You enter the user credentials, and then you select the Remember my password check box when you access the drive.
  • You restart the computer, or you log off from Windows.
In this scenario, when you log on to the computer again, you receive an error message that resembles the following when you try to access the mapped drive:
An error occurred while connecting to address
The operation being requested was not performed because the user has not been authenticated
The connection has not been restored
Note The mapped drive appears as disconnected after you log on to the computer again.


This issue occurs because the Web Distributed Authoring and Versioning (WebDAV) redirector uses Windows HTTP Services (WinHTTP) instead of the Windows Internet (WinInet) API. In a non-proxy network configuration, WinHTTP sends user credentials only in response to requests that occur on a local intranet site. Therefore, if no proxy is configured, you may be unable to access a share that requires user credentials.


Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To resolve this problem, apply hotfix 943280.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

943280 You are prompted to enter your credentials when you access an FQDN site by using a Windows Vista-based client computer that has no proxy configured
After you apply this hotfix, you must create a registry entry. To do this, follow these steps:
  1. Click Start, type regedit in the Start Search box, and then press Enter.
  2. Locate and then click the following subkey:
  3. On the Edit menu, point to New, and then click Multi-String Value.
  4. Type AuthForwardServerList , and then press Enter.
  5. On the Edit menu, click Modify.
  6. In the Value date box, type the URL of the server that hosts the web share, and then click OK.

    Note You can also type a list of URLs in the Value date box. For more information, see the "Sample URL list" section.
  7. Exit Registry Editor.
After this registry entry is created, the WebClient service will read the entry value. If the client computer tries to access a URL that matches any of the expressions in the list, the user credential will be successfully sent to authenticate the user even if no proxy is configured.

Note You must restart the WebClient service after you modify the registry.

Sample URL list

The following is a sample URL list:
This URL list enables the WebClient service to send credentials through the following channels.

Note After you configure this URL list, the credentials will automatically authenticate to the WebDAV servers even if these servers are on the Internet.
  • Any encrypted channel to a child domain of a domain whose name is Contoso.com.
  • Any nonsecure channel to a child domain of a domain whose name is dns.live.com.
  • Any channel to a server whose name ends with ".microsoft.com."
  • Any encrypted channel to a host whose IP address is

Things to avoid in the URL list

  • Do not add an asterisk (*) at the end of a URL. When you do this, a security risk may result. For example, do not use the following:
  • Do not add an asterisk (*) before or after a string. When you do this, the WebClient service can send user credentials to more servers. For example, do not use the following:
    • http://*Contoso.com

      In this example, the service also sends user credentials to http://extra_charactersContoso.com.
    • http://Contoso*.com

      In this example, the service also sends user credentials to http://Contosoextra_characters.com.
  • Do not type the UNC name of a host in the URL list. For example, do not use the following:
  • Do not include the share name or the port number to be used in the URL list. For example, do not use the following:
    • http://*.dns.live.com/DavShare
    • http://*dns.live.com:80
  • Do not use IPv6 in the URL list.
Important This URL list has no effect on the security zone settings, and this URL list is used only for the specific purpose of forwarding the credentials to WebDAV servers. Create the list as restrictively as possible to avoid any security issues. Also, notice that there is no specific deny list. Therefore, the credentials are forwarded to all the servers that match this list.

If Basic authentication or Digest authentication is implemented in the network, hotfix 943280 cannot change this behavior. This behavior is by design in Basic authentication mode and in Digest authentication mode.

IIS does not support Windows authentication over the Internet. Therefore, this hotfix applies only to the Intranet scenarios.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Identyfikator artykułu: 941050 — ostatni przegląd: 06.02.2017 — zmiana: 10

Windows Vista Enterprise 64-bit edition, Windows Vista Ultimate 64-bit edition, Windows Vista Business, Windows Vista Business 64-bit edition, Windows Vista Enterprise, Windows Vista Ultimate, Windows 7 Home Premium, Windows 7 Professional, Windows 7 Home Basic, Windows 7 Service Pack 1, Windows 8.1, Windows 8.1 Pro, Windows 8.1 Enterprise, Windows 10, Windows 10 Pro, Windows 10 Home, Windows 10 Enterprise