[Webinar] Streamline your web hosting managementRegister Today


SCCM on 2008r2 - 403 forbidden errors

Posted on 2010-03-26
Medium Priority
Last Modified: 2013-11-21
Trying to install SCCM on 2008r2.

Client installs are failing trying to download https://SCCM.DOMAIN.LOCAL/CCM_Client/ccmsetup.cab 

Browsing to that url gives a 403 forbidden message
Manually creating a test.html file in the same folder also gives a 403 error.
Placing same test file in the root iis folder works fine.
The same 403 error is seen when visiting all sites (CCM_CLIENT CCM_Incoming CCM_Outgoing CCM_System etc..).
IUSR user has ntfs permissions to read & execute, read & list folder contents
anonymous auth is enabled, and the user IUSR is selected.

Strangely, there is nothing in the C:\inetpub\logs\FailedReqLogFiles folder.
entries in the LogFiles folder look like this (when using IE):

2010-03-26 11:39:17 GET /CCM_CLIENT - 443 - Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+InfoPath.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.5.21022;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 7 5 4
Question by:Wibble_
  • 3
  • 3
LVL 11

Expert Comment

ID: 28677133
There are two things commun, first the default site on the documents tab should be added and on the first line if posible on that web site.
The other is to have the permissions under the website, as read, write, execute scripts under the home directory site.
Follow this.
Let me know.

Author Comment

ID: 28687966
I've tried adding 'everyone' with full permissions to the ntfs folder, and to the home drirectory (default web site) site

I'ts not a script problem, as I cant access https://SCCM.DOMAIN.LOCAL/CCM_Client/foo.html , a plain html file I created.

still the 403

Author Comment

ID: 28689919
This is an actual request (not me from a browser)

2010-03-26 14:53:40 GET /CCM_Client/ccmsetup.cab - 443 - ccmsetup 403 13 2148081683 7

Would that suggest that it's a 403.13, i.e. Client certificate has been revoked on the Web server?
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 11

Accepted Solution

pcfreaker earned 2000 total points
ID: 28691864
Yes of course! I overlooked the SSL request... Your commun name in which the ssl certificate was generated has changed to another address generating the error.... You should generate a new certificate for that server.

Author Closing Comment

ID: 31707484
It was a CRL problem. Re-issuing the root certificate fixed it.

TY :-)
LVL 11

Expert Comment

ID: 29084180
Oh I see!... you did have an active CRL. Good thing you manage to fix it quickly!
Thanks and Rgds.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Sometimes when I receive a call from my users to solve their problems it is very difficult for me to found their computer IP address. Even finding their computer Host to provide remote support can be a problem.  So I resorted to Goo…
I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question