Link to home
Start Free TrialLog in
Avatar of Inserachof
InserachofFlag for United States of America

asked on

Error 403 Forbidden access is denied on Windows 2003 server

windows 2003 R2 Enterprise 64 bit sp2
exchange 2007 entertprise 64 bit sp3
forefront 2010 protecttion for exchange server

I need to access these web sites for updates to work on forefront

http://forefrontdl.microsoft.com/server/scanengineupdate

cdn-microupdates.cloudmark.com
lvc.cloudmark.com
tracks.cloudmark.com
pki.cloudmark.com

when I try thru IE8 to test access I  get thie error

403 forbidden access is deined
you do not have permission to view this directory or page using the credentials that you supplied

I do not run windows firewall on the server the service is disabled

I have a Cisco router CISCO851W-G-A-K9 which all internet access flows thru


I checked this http://support.microsoft.com/kb/318380

but that talks about changing your IIS do not understand why my IIS on the server would stop access to this web site

Is it a protocol that is not working on the router maybe?

Need some help on this one
ASKER CERTIFIED SOLUTION
Avatar of tstritof
tstritof

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Inserachof

ASKER

Ok I can access that link from the server no problem I was able to download the file on the second try

this is the site that fails http://forefrontdl.microsoft.com/server/scanengineupdate
as I mentioned in my post above

The KB article is setting up a manual process and I would rather not do this manually need to have this setup as automatic as possible it has to be a router issue why else can I not get to certain web sites from the server as well as from my workstations

I am testing on both the server and workstation and get the same error
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Type :            Warning
Date :            10/24/2010
Time :            10:17:59 AM
Event :            7003
Source :            Microsoft Forefront Protection
Category :      Health Status
User :            N/A
Computer :      TGCS005
Description:
Not all of the antimalware engines enabled for updates successfully updated at the last attempt.

Type :            Warning
Date :            10/24/2010
Time :            10:17:59 AM
Event :            7006
Source :            Microsoft Forefront Protection
Category :      Health Status
User :            N/A
Computer :      TGCS005
Description:
At least one of the antimalware engines enabled for updates has not been updated in the last five days.

Type :            Error
Date :            10/24/2010
Time :            10:17:59 AM
Event :            7048
Source :            Microsoft Forefront Protection
Category :      Health Status
User :            N/A
Computer :      TGCS005
Description:
Content Filter is enabled and the last definition update was over 12 hours ago.

these three every so often

Type :            Error
Date :            10/24/2010
Time :            2:04:58 AM
Event :            6012
Source :            GetEngineFiles
Category :      Engine Error
User :            N/A
Computer :      TGCS005
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Kaspersky
   Error Code: 0x80004005
   Error Detail: Description: An error occurred while loading the scan engine.

Type :            Error
Date :            10/24/2010
Time :            2:05:00 AM
Event :            6019
Source :            GetEngineFiles
Category :      Engine Error
User :            N/A
Computer :      TGCS005
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Kaspersky
   Error Detail: An error occurred while testing the scan engine.

Type :            Error
Date :            10/24/2010
Time :            2:13:32 AM
Event :            6012
Source :            GetEngineFiles
Category :      Engine Error
User :            N/A
Computer :      TGCS005
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Cloudmark
   Error Code: 0x80004005
   Error Detail: Description: An error occurred while loading the scan engine.

Type :            Error
Date :            10/24/2010
Time :            2:13:32 AM
Event :            6019
Source :            GetEngineFiles
Category :      Engine Error
User :            N/A
Computer :      TGCS005
Description:
Microsoft Forefront Protection encountered an error while performing a scan engine update.
   Scan Engine: Cloudmark
   Error Detail: An error occurred while testing the scan engine.

these errors once in a while also

does this help
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I did not set up proxy on forefront becasue I thought I am not using a proxy

I will check that out later today after football
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I just checlked I have no IUSR_server5 or IWAM_Sserver5 listed in my domain users

I see them for IUSER_server1 IUSER_server2  same with IWAM_server1 and IWAM_server2

Servers 1 & 2 are Windows 2003 R2 Standard SP2

Server 5 is Windows 2003 R2 Enterprise 64bit

another strange thing when I try ti open IIS manager it is always asking me for userid and password

Wondering if that has anything to do with it

Why did the install of IIS on my server5 not create IUSER and IWAM users on the domain?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
removed forefront
Avatar of tstritof
tstritof

Sorry to hear that.

I have almost identical config running OK and Forefront is doing a nice job cleaning up malware on incoming mail.

I'd test Forefront connecting to internet from alternate location covered by different ISP with a simple DSL NAT router and no smart firewalls (hardware or software) just the basic port opening for incoming/outgoing traffic.

Hope you find a good alternate solution to Forefront.

Regards,
Tomislav