Solved

Configuring Default Web site on SBS 2008

Posted on 2010-11-08
25
884 Views
Last Modified: 2012-08-13
Our SBS 2008 Server has been running for a year now, but now I need to start making use of the default website.

IIS says the website is running, but when I try to navigate to it externally or internally, I get a gray bar with white letters saying 'Server Error' then underneath it says in red letters '403 - Forbidden: Access is denied'

How do I fix this?
0
Comment
Question by:TownTalk
  • 11
  • 10
  • 2
  • +2
25 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 34083251
Can you check what IP and ports the default site is bound to? and if any host headers are used. Check these against what you are trying to access when you get the error.
0
 
LVL 5

Expert Comment

by:sabk
ID: 34083261
You should try to perform troubleshooting by looking at the IIS log file for the website and the request in question. Please report the HTTP Status/SubStatus/Win32Status associated with the failing request. The IIS log file error codes typically tell you exactly what is wrong and indicates what needs to be done to resolve the issue -- no guessing or random actions required.
0
 

Author Comment

by:TownTalk
ID: 34083271
I just found something. When I look in site bindings, and click on the browse button, it gives me some more information stating that the page is secured with SSL. How do I remove this?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34083279
Well you can either remove the SSL setting, or you can add an additional binding for port 80 in the bindings section, so * as the IP, port 80 as the port.
0
 
LVL 3

Expert Comment

by:thetime
ID: 34083289
Are you using sharepoint services at the moment or possibly ISA server? If yes for Sharepoint, then depending on your Sharepoint sites configuration, it may be possible that Sharepoint was set up to use http port 80 which would create a need for you to specify a port, such as 81 or so, for your default website. You would then browse to http://your-server-name-or-ip:81 after IIS is configured to use port 81.

If you are using ISA server make sure you are not blocking access to the default website.

Lastly, have you tried connecting to the IIS site from the sbs server using 'http://localhost' ?
0
 
LVL 11

Expert Comment

by:Snibborg
ID: 34083298
Go into the IIS directory on the C drive and check the permissions for the web site you are trying to access.  Should be set to "domain users" initially, you can then tighten the permissions as required.  If you have not yet uploaded any content to it you should get "under construction" as the default.

First thing is to get it working internally.  Once that is done, tighten up your access before unleashing it on the net.  To access from the net you will need a route setting on the firewall to pipe the traffic and a port opening on the firewall to access port 80 and / or 8080 to allow web and secure web access.

Snibborg
0
 

Author Comment

by:TownTalk
ID: 34083403
In the bindings there is  an http entry for the external address. I also added an http entry for the server name. Both these entries are on port 80. There are no https entries there.

I've never used sharepoint on this server. It may be running, but i've never looked at it. I am not using ISA server. This server has a single network card and is on our internal network where there is also the router to the outside world.

from the server console, http://locahost gives me "The web page cannot be found"

To make sure it's not a file level security issue, i've given the Everyone Group permission to read the folder

Heres a section from the IIS logs. Our server is called saphire. So when I try to access http://saphire/iisstart.htm, this is what is logged when I get the 403 error

#Date: 2010-11-08 11:36:51
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2010-11-08 11:36:51 192.168.16.2 GET / - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 139
2010-11-08 11:36:53 192.168.16.2 GET / - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 183
2010-11-08 11:38:29 192.168.16.2 GET /iisstart.htm - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 181
2010-11-08 11:39:53 fe80::291d:3640:fa0c:47fc%11 GET /selfupdate/iuident.cab - 80 - fe80::291d:3640:fa0c:47fc%11 - 200 0 0 18
2010-11-08 11:43:52 192.168.16.2 GET /iisstart.htm - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 181
2010-11-08 11:43:53 192.168.16.2 GET /iisstart.htm - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 36
0
 

Author Comment

by:TownTalk
ID: 34083420
I forgot to mention also that when I changed the binding to port 81, I get 'Page cannot be found' when I tried http://saphire/iisstart.htm:81
0
 

Author Comment

by:TownTalk
ID: 34083435
Then I realised that I would have to open port 81 in the windows firewall. When I did this, I got the 403 error again
0
 
LVL 11

Expert Comment

by:Snibborg
ID: 34083530
Is the IIS service running?  try telnetting to the server from another workstation.  using the DOS prompt, type telnet <servername> 80.  Then repeat with port 8080.  This will allow you to ascertain whether either of these ports are active.  If neither of these work then you know you need to look more closely at the IIS services themselves.

Snibborg
0
 

Author Comment

by:TownTalk
ID: 34083563
As far as I know the IIS service is running because our OWA is working normally from outside the building.

When I opened a command prompt at a workstation and tried: telnet 192.168.16.2 80 (or 8080) I get an empty black window
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34083693
Is the site actually started ? The reason i ask is that if you have OWA running on the same box its likley to have its own bindings and i want to be sure that localhost:80 or :81 isnt being directed towards the OWA site..

0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:TownTalk
ID: 34083742
Yes all the sites are started. I just stopped the default web site and tried to access the url. After a long delay I got page not found. When I started the site I got the 403 error again. I've attached a screen dumb of the error
403-Error.jpg
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34083780
Ok but that indicates something ... if you stopped the default website and tried accessing it, and STILL got a 403.. that indicates at another site is answering requests NOT the default one.

What other sites are on the box ?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34083785
Check any of the remaining sites - specifically what they are bound to, check for any which are bound to IP *, port 80 and either no, or * host headers.
0
 

Author Comment

by:TownTalk
ID: 34083820
No you misread my previous post. When I disabled the default website, there was a long pause followed by 'page not found' It was only when I restarted it I got the 403 error again
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34083835
if you put a text file in the default site webroot can you access it from the browser i.e http://localhost/test.txt ?
0
 

Author Comment

by:TownTalk
ID: 34083934
No I still get the 403 error. Is this not an authentication issue? I've got anonymous authentication enabled. I tried enabled the other types, but without success.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 500 total points
ID: 34084017
do you have 'allow SSL'or 'require SSL' on the default site config ?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34084023
And do you have anonymous authentication on ?
0
 

Author Comment

by:TownTalk
ID: 34084089
I looked inside SSL Settings. In there I can only see 'Require SSL'. it is ticked and greyed out so I cant change it. I cannot see 'Allow SSL' anywhere. At the right of the SSL Window there is an alert stating that the site does not have an https binding and cannot accept SSL connections.  But I dont want to use SSL so it is quite right that I dont have an https binding. But it does concern me that the 'Require SSL' is ticked and greyed out.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34084102
You might want to consider shutting down the default site and creating your own, that way you can pick the bindings and protocols which are used - in addition to the authentication method.
0
 

Author Comment

by:TownTalk
ID: 34084117
I think I fixed it...... I added an https binding. This allowed me to untick the 'Require SSL' option in the SSL window. Then I removed the https binding and now my site seems to be working.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34084128
good news - we got there in the end.
0
 

Author Comment

by:TownTalk
ID: 34084156
I think when the server was set up, there was an SSL binding, but there was a conflict somewhere else which was resolved by me removing the https binding. So thats how I got into this situation.

I'll accept the response which was nearest to the solution and thank everyone for their input.

Ian
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now