The origin responds with a 401 error to a request when Auth/SecurityToken is configured at the origin server and the request contains an invalid or expired token due to the following reasons:
Packager is not configured with same SecurityToken as on origin.
The machines running the packager and the origin are not time-synchronized. The time difference exceeds the value of SecurityToken/Timeout set at origin.