A client recently encountered an issue with their UAT server, which prompted users for credentials three times before displaying an HTTP 401 (Unauthorized) error whenever they tried to login to CRM. Note that this only occurred when trying to access CRM by referencing the server name directly in the URL, for example http://myserver/crm. We found that a temporary workaround was to ask users to access CRM via the server IP address, in which access was granted upon the first attempt.
The actual cause of the error was due to the SPN (Service Principle Name) entries for the CRM application service account. The SPNs for the UAT server referenced the fully qualified domain name of that server. For example:
http/myserver.frostys.local FROSTYS\CRM2011.service
To fix the issue, simple remove the SPN which references the FQDN of the server and replace it with the following:
http/myserver FROSTYS\CRM2011.service
Please note that it may take up to 15mins to take affect but you should be able to login to CRM without the 401 unauthorized error.