Configuring Default Web site on SBS 2008

Our SBS 2008 Server has been running for a year now, but now I need to start making use of the default website.

IIS says the website is running, but when I try to navigate to it externally or internally, I get a gray bar with white letters saying 'Server Error' then underneath it says in red letters '403 - Forbidden: Access is denied'

How do I fix this?
TownTalkAsked:
Who is Participating?
 
woolnoirConnect With a Mentor Commented:
do you have 'allow SSL'or 'require SSL' on the default site config ?
0
 
woolnoirCommented:
Can you check what IP and ports the default site is bound to? and if any host headers are used. Check these against what you are trying to access when you get the error.
0
 
sabkCommented:
You should try to perform troubleshooting by looking at the IIS log file for the website and the request in question. Please report the HTTP Status/SubStatus/Win32Status associated with the failing request. The IIS log file error codes typically tell you exactly what is wrong and indicates what needs to be done to resolve the issue -- no guessing or random actions required.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
TownTalkAuthor Commented:
I just found something. When I look in site bindings, and click on the browse button, it gives me some more information stating that the page is secured with SSL. How do I remove this?
0
 
woolnoirCommented:
Well you can either remove the SSL setting, or you can add an additional binding for port 80 in the bindings section, so * as the IP, port 80 as the port.
0
 
thetimeCommented:
Are you using sharepoint services at the moment or possibly ISA server? If yes for Sharepoint, then depending on your Sharepoint sites configuration, it may be possible that Sharepoint was set up to use http port 80 which would create a need for you to specify a port, such as 81 or so, for your default website. You would then browse to http://your-server-name-or-ip:81 after IIS is configured to use port 81.

If you are using ISA server make sure you are not blocking access to the default website.

Lastly, have you tried connecting to the IIS site from the sbs server using 'http://localhost' ?
0
 
SnibborgOwnerCommented:
Go into the IIS directory on the C drive and check the permissions for the web site you are trying to access.  Should be set to "domain users" initially, you can then tighten the permissions as required.  If you have not yet uploaded any content to it you should get "under construction" as the default.

First thing is to get it working internally.  Once that is done, tighten up your access before unleashing it on the net.  To access from the net you will need a route setting on the firewall to pipe the traffic and a port opening on the firewall to access port 80 and / or 8080 to allow web and secure web access.

Snibborg
0
 
TownTalkAuthor Commented:
In the bindings there is  an http entry for the external address. I also added an http entry for the server name. Both these entries are on port 80. There are no https entries there.

I've never used sharepoint on this server. It may be running, but i've never looked at it. I am not using ISA server. This server has a single network card and is on our internal network where there is also the router to the outside world.

from the server console, http://locahost gives me "The web page cannot be found"

To make sure it's not a file level security issue, i've given the Everyone Group permission to read the folder

Heres a section from the IIS logs. Our server is called saphire. So when I try to access http://saphire/iisstart.htm, this is what is logged when I get the 403 error

#Date: 2010-11-08 11:36:51
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2010-11-08 11:36:51 192.168.16.2 GET / - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 139
2010-11-08 11:36:53 192.168.16.2 GET / - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 183
2010-11-08 11:38:29 192.168.16.2 GET /iisstart.htm - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 181
2010-11-08 11:39:53 fe80::291d:3640:fa0c:47fc%11 GET /selfupdate/iuident.cab - 80 - fe80::291d:3640:fa0c:47fc%11 - 200 0 0 18
2010-11-08 11:43:52 192.168.16.2 GET /iisstart.htm - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 181
2010-11-08 11:43:53 192.168.16.2 GET /iisstart.htm - 80 - 192.168.16.51 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 403 4 5 36
0
 
TownTalkAuthor Commented:
I forgot to mention also that when I changed the binding to port 81, I get 'Page cannot be found' when I tried http://saphire/iisstart.htm:81
0
 
TownTalkAuthor Commented:
Then I realised that I would have to open port 81 in the windows firewall. When I did this, I got the 403 error again
0
 
SnibborgOwnerCommented:
Is the IIS service running?  try telnetting to the server from another workstation.  using the DOS prompt, type telnet <servername> 80.  Then repeat with port 8080.  This will allow you to ascertain whether either of these ports are active.  If neither of these work then you know you need to look more closely at the IIS services themselves.

Snibborg
0
 
TownTalkAuthor Commented:
As far as I know the IIS service is running because our OWA is working normally from outside the building.

When I opened a command prompt at a workstation and tried: telnet 192.168.16.2 80 (or 8080) I get an empty black window
0
 
woolnoirCommented:
Is the site actually started ? The reason i ask is that if you have OWA running on the same box its likley to have its own bindings and i want to be sure that localhost:80 or :81 isnt being directed towards the OWA site..

0
 
TownTalkAuthor Commented:
Yes all the sites are started. I just stopped the default web site and tried to access the url. After a long delay I got page not found. When I started the site I got the 403 error again. I've attached a screen dumb of the error
403-Error.jpg
0
 
woolnoirCommented:
Ok but that indicates something ... if you stopped the default website and tried accessing it, and STILL got a 403.. that indicates at another site is answering requests NOT the default one.

What other sites are on the box ?
0
 
woolnoirCommented:
Check any of the remaining sites - specifically what they are bound to, check for any which are bound to IP *, port 80 and either no, or * host headers.
0
 
TownTalkAuthor Commented:
No you misread my previous post. When I disabled the default website, there was a long pause followed by 'page not found' It was only when I restarted it I got the 403 error again
0
 
woolnoirCommented:
if you put a text file in the default site webroot can you access it from the browser i.e http://localhost/test.txt ?
0
 
TownTalkAuthor Commented:
No I still get the 403 error. Is this not an authentication issue? I've got anonymous authentication enabled. I tried enabled the other types, but without success.
0
 
woolnoirCommented:
And do you have anonymous authentication on ?
0
 
TownTalkAuthor Commented:
I looked inside SSL Settings. In there I can only see 'Require SSL'. it is ticked and greyed out so I cant change it. I cannot see 'Allow SSL' anywhere. At the right of the SSL Window there is an alert stating that the site does not have an https binding and cannot accept SSL connections.  But I dont want to use SSL so it is quite right that I dont have an https binding. But it does concern me that the 'Require SSL' is ticked and greyed out.
0
 
woolnoirCommented:
You might want to consider shutting down the default site and creating your own, that way you can pick the bindings and protocols which are used - in addition to the authentication method.
0
 
TownTalkAuthor Commented:
I think I fixed it...... I added an https binding. This allowed me to untick the 'Require SSL' option in the SSL window. Then I removed the https binding and now my site seems to be working.
0
 
woolnoirCommented:
good news - we got there in the end.
0
 
TownTalkAuthor Commented:
I think when the server was set up, there was an SSL binding, but there was a conflict somewhere else which was resolved by me removing the https binding. So thats how I got into this situation.

I'll accept the response which was nearest to the solution and thank everyone for their input.

Ian
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.