About HTTP 401 (Unauthorized) when I reply script in VuGen

When I reply script in VuGen, the HTTP 401 is popped up. By URL mode, the web_set_user function automatically is added.

At last week, my script can reply successful. But now, the HTTP 401 error is popped up. (Note: the username and password are right, and I can use it to logon web).

Error -26630: HTTP Status-Code=401 (Unauthorized) for......

  • Verified Answer

    It is solved.

    runtime setting -> Internet protocol->perference , check WinINet replay instead of sockets

  • If providing the "web_set_user" or Proxy Authentication is not solving the issue, Please follow the below solution: Its a bit lenghty but it would probably solve the issue. Please read on

    When we face the 401(Unauthorized) error in Load Runner while replaying the script that implies we are providing some Invalid /No Login credentials.

    If you have already included Authorization credentials (web_set_user/proxy authentication) in your script, but still getting the ‘401’ response indicates that -authorization has been refused for those credentials provided. In that case we are missing some authentication that is not being captured by the Load Runner.

    Steps to handle the issue:

    1. Take the Fiddler capture of the specific request which is failing in Load Runner.
    2. In the Fiddler select the specific captured request, and go to Request Headers.
    3. In Miscellaneous section you would find “X-CustomSecurity-Token”, which would be having a value like: ‘6qk44UmAFmvFtsE7mtY X9sbukhashdf67a87gfnasuifb76897a90sfk ahsfa989WtYDWaEyKsIeds1nmL6tHoDApfHDnMb9rN4= ‘ This is the security token which is being sent in the Header but is not being captured by Load Runner. So you need to explicitly send this in the Header of the request of Load Runner.
    4. Syntax: web_add_header("Name of Header","6qk44UmAFmvFtsE7mtY X9ssUN8g2iyJEG5fj2G843t8U4p6sQy0nWmlFoaBKAoP2HBfiSh9WtYDWaEyKsIeds1nmL6tHoDApfHDnMb9rN4= "); place the header statement just above the request that is failing and run the script.
    5. As the Security token is a dynamic value sent by the server so we need to Correlate the same.
    6. For finding the boundary values for correlation, you can search the Security Token(the dynamic value) in the Fiddler capture of the previous request. Select the specific request and in the Text View- Click on View in Notepad and search the specific value.

    Hope this would solve the issue.  Please provide your feedbacks at 'swagat1509@gmail.com'


  • Hi,

    I am getting a different issue. My application uses Windows authentication. When I use web_set_user(), i get unauthorized access, but when i remove it, the system appears to access the application without any error message. I am yet to try the fiddler option that you suggested. 


  • Sometimes in this situation I try the "run as a different user" when I start vugen (ie. hold shift key and right click on vugen) login as the intended user and then record the session.

    my two cents worth, something to try.