A “401 Error” means that something made an unauthorized request of the Solr cluster. This usually indicates a problem with Solr Basic Auth or with the authorization header of the HTTP request, but sometimes it is just a symptom of a larger problem.
The following issues can produce a 401 Error:
- If the issue arises during the initial phases of development, check your Basic Auth configuration.
- A more subtle problem can arise when you include Basic Auth credentials in the URL of a deployment, such as:
If the password contains special characters (such as % signs), you will get a 401 error saying “Not a valid Solr URL.” You may need to use HTML Percent Encoding to pass special characters through the URL. For intance, substitute %25 for % in the URL string, so the above password becomes “pass%25word”. Or… simplify the password.
- Attempts to issue /select or /update requests from a PowerShell script can generate 401 Errors when trying to pass Solr Basic Auth credentials. See Basic Auth Credentials in PowerShell.
- There was a problem in Sitecore that sometimes produced 401 Errors in the load-balancer log files. Otherwise identical requests from Sitecore would succeed (200) or sometimes fail (401) because Sitecore didn’t always include the authorization header in the request. If you see this pattern in the load balancer log files, please contact Sitecore for assistance.
- There is a known problem with Solr 8.1.1 in which internode update requests between shards generate 401 errors visible in solr.log. One of the tell-tale signs of this bug is that the 401 error is intermittent and is usually buried in an avalanche of successful update requests. The problem was fixed in Solr 8.2.0. See SOLR-13510 Intermittent 401’s for internode requests with basicauth enabled – ASF JIRA (apache.org). Let us know if you need help to upgrade to 8.2.
- Sometimes a client will flood Solr with single-document index-update requests (twenty per second in one case). Solr can throw 401 errors as it gets behind. The solution is to batch the requests.