External webreference call returns authorization error

External webreference call returns authorization error

we are having a problem in a method of one of the Webservices our application publishes in Outsystems Platform (via ServiceStudio).
The call to this method is done by an external application, and our WebService does not require authentication. We have the same code (oml and extension) on two different servers: in one of them the call to our method is successful and on the other it fails with a permission error (401 Unauthorized).
After our analysis, we found that the problem isn’t really with our WebService per se, but with an action that we call, that, on its turn, calls an external WebService provided by a third party (WebReference consumed by our eSpace and configured inside Service Studio). That external WebReference does not need any explicit authentication and is returning the 401 error.
The strange thing is that:
- previously, the call to the external method was successful in both machines, but now it only works in one machine (the url of the service called is the same on both machines);
- the team responsible for the external WebService didn’t make any changes to the service;
- using a webservice testing app (like WebService Studio or SoapUI)  from each one of the two machines, the call to the external WebService is successful in both.
What could be wrong here? How can we trace the problem any further? What could have been changed? Something in the infra-structure (users permissions, firewall rules, …)? 
Did you upgrade Outsystems?
Disd you change something in Outsystems Configuration.

trace the problem with wireshark.

Didn't upgrade Oustystems.
We are trying to trace if we made any change on the day it started this problem (or the day before), but no luck so far. 

Will try wireshark.

In the meantime we solved this issue. It had to do with the computer accounts in the Active Directory. Somewhere in time, out of nowhere, the server where we had our application, from where it made requests to another server on the domain, stopped getting the http 200 code (sucess) and started sending the 401 (unauthorized). On the IIS logs, on the target server, we saw that, when it was working, the requests were signed by user "DOMAIN\machine-name$" and when it was no longer working the requests showed up in IIS logs without user.
The systems responsible removed and added again the "machine-name" account from the AD and it started working once again: the request to the target server was again signed with the DOMAIN\machine-name$ user.

Meanwhile, we set the Outsystems ApplicationPool to run as another specific domain user, instead of the default ApplicationPoolIdentity.