If you could just fix SharePoint... That would be great.

Fixing “-2147024891, System.UnauthorizedAccessException” when accessing SharePoint SOAP Web Services

This post was most recently updated on July 18th, 2020.

3 min read.

This article explains how to fix error 2147024891 (or sometimes -2147024891), “System.UnauthorizedAccessException” when accessing functionality in SharePoint that’s built on top of SOAP Web Services. In a sense, we’re delving into some legacy stuff – Microsoft has still kept SOAP-based SharePoint Web Services included in the product, since a lot of functionality has been built on top of them.

We encountered the issue where you suddenly started getting exceptions for Unauthorized Access (-2147024891, System.UnauthorizedAccessException) for accessing list items, no matter if you actually had access to the list or not.

Error description

We started getting this error, when requesting list items using SharePoint SOAP Web Services (namely, Lists.asmx):

-2147024891, System.UnauthorizedAccessException

Access denied. You do not have permission to perform this action or access this resource.

SharePoint Online might throw this error at you, even if your user account has Global Admin permissions!

“Wait! SOAP is still around in SharePoint?”

Haha, yes, yes it is. SharePoint Web Services is built on SOAP.

While you probably shouldn’t build anything new using these services, there’s bound to be a lot of legacy stuff that uses them.

Microsoft puts it this way:

Two API sets are still supported in the SharePoint framework for backward compatibility, but we recommend that you not use them for new projects: the ASP.NET (asmx) web services, and direct Remote Procedure Calls (RPC) calls to the owssvr.dll file.

Deprecated API sets

The asmx – SOAP – Web Services generally speaking should not be used anymore.

Marc D Anderson puts it this way (already in 2014):

I am not aware of any official specific time frames for the SOAP services going away, and the Product Group would need to give us a good, long lead time because lots of code depends on it, SPServices or not. Many people have built managed code-based solutions which use the SOAP Web Services as well. GetListItems is a workhorse operation no matter how you build your solutions.

SPServices: What About Deprecation of the SOAP Web Services?

Microsoft’s old stance on the matter is well described in the picture below – while Silverlight APIs, JavaScript APIs (namely JSOM) and in a lot of cases Server APIs as well are more or less already gone, the purple box (REST/OData Endpoints) is the API set replacing SOAP Web Services almost entirely.

As we can see today, the APIs were still there – and they started throwing errors our way!

Can’t deny it, though – my first thought was, that now it finally happened: Microsoft just shut down the service it deprecated already in 2013(?). But it actually only happened on one tenant, so I guess that wasn’t the case after all :)

But what was it, then?


Okay, this is basically magic. It’s a bit weird, but the resolution here is the same as in this case:

Surprising, but the underlying error is apparently the same. So enabling “Legacy Auth Protocols” fixes the issue for the SOAP Web Service authentication.

So, in short – the PowerShell commandlets below should help you out:

Set-SPOTenant -LegacyAuthProtocolsEnabled $True

Then wait overnight (up to 24 hours) and try again :)

If you want to read more into the issue, you can read my other blog post about solving “Unauthorized” error messages in SharePoint Online!

Further reading

5 1 vote
Article Rating
Notify of
Inline Feedbacks
View all comments