Wibble_
asked on
SCCM on 2008r2 - 403 forbidden errors
Trying to install SCCM on 2008r2.
Client installs are failing trying to download https://SCCM.DOMAIN.LOCAL/CCM_Client/ccmsetup.cab
Browsing to that url gives a 403 forbidden message
Manually creating a test.html file in the same folder also gives a 403 error.
Placing same test file in the root iis folder works fine.
The same 403 error is seen when visiting all sites (CCM_CLIENT CCM_Incoming CCM_Outgoing CCM_System etc..).
IUSR user has ntfs permissions to read & execute, read & list folder contents
anonymous auth is enabled, and the user IUSR is selected.
Strangely, there is nothing in the C:\inetpub\logs\FailedReqL
entries in the LogFiles folder look like this (when using IE):
2010-03-26 11:39:17 172.16.2.11 GET /CCM_CLIENT - 443 - 10.4.0.2 Mozilla/4.0+(compatible;+M
Client installs are failing trying to download https://SCCM.DOMAIN.LOCAL/CCM_Client/ccmsetup.cab
Browsing to that url gives a 403 forbidden message
Manually creating a test.html file in the same folder also gives a 403 error.
Placing same test file in the root iis folder works fine.
The same 403 error is seen when visiting all sites (CCM_CLIENT CCM_Incoming CCM_Outgoing CCM_System etc..).
IUSR user has ntfs permissions to read & execute, read & list folder contents
anonymous auth is enabled, and the user IUSR is selected.
Strangely, there is nothing in the C:\inetpub\logs\FailedReqL
entries in the LogFiles folder look like this (when using IE):
2010-03-26 11:39:17 172.16.2.11 GET /CCM_CLIENT - 443 - 10.4.0.2 Mozilla/4.0+(compatible;+M
ASKER
I've tried adding 'everyone' with full permissions to the ntfs folder, and to the home drirectory (default web site) site
I'ts not a script problem, as I cant access https://SCCM.DOMAIN.LOCAL/CCM_Client/foo.html , a plain html file I created.
still the 403
I'ts not a script problem, as I cant access https://SCCM.DOMAIN.LOCAL/CCM_Client/foo.html , a plain html file I created.
still the 403
ASKER
This is an actual request (not me from a browser)
2010-03-26 14:53:40 172.16.2.11 GET /CCM_Client/ccmsetup.cab - 443 - 172.16.20.189 ccmsetup 403 13 2148081683 7
Would that suggest that it's a 403.13, i.e. Client certificate has been revoked on the Web server?
2010-03-26 14:53:40 172.16.2.11 GET /CCM_Client/ccmsetup.cab - 443 - 172.16.20.189 ccmsetup 403 13 2148081683 7
Would that suggest that it's a 403.13, i.e. Client certificate has been revoked on the Web server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It was a CRL problem. Re-issuing the root certificate fixed it.
TY :-)
TY :-)
Oh I see!... you did have an active CRL. Good thing you manage to fix it quickly!
Thanks and Rgds.
Thanks and Rgds.
The other is to have the permissions under the website, as read, write, execute scripts under the home directory site.
Follow this.
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/21079107-1740-470e-a933-23a45494b8ba.mspx?mfr=true
Let me know.
Rgds.