Solved

Why does IIS Give clients 403 Forbidden Errors?

Posted on 2011-09-26
7
1,017 Views
Last Modified: 2012-05-12
Points of My Scenario
1. I am admin of a IIS7 web server on Windows Server 2008 R2.
2. Clients connect to the server's website using HTTPS
3. When the website is configured to "Require SSL" and to accept client certificates, clients (browsers) get a HTTP 403 Forbidden error when connecting by HTTPS.
4. When the "Require SSL" setting is removed from the website, clients can successfully connect, although using HTTPS again.
QUESTION: If clients are using HTTPS in both cases, why do they fail when the website is configured to "Require SSL"?
0
Comment
Question by:waltforbes
  • 5
  • 2
7 Comments
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36599087
have you created the SSL Certificate in IIS7?
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36599101
You can click here for full instruction on how to setup SSL on IIS7.
0
 

Author Comment

by:waltforbes
ID: 36599179
To HendrikWiese: I have acquired a certificate from our CA (certificate authority) and binded it to the website successfully: note that clients can access the website by HTTPS successfully. The problem arises only when the website is configured to require SSL. I have verified the instructions you sent in the link (http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis-7/).
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36599217
Please have a look at the following and let me know if it helps?

http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/SSL/Q_26561310.html
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36599302
Have you tried the following:

To resolve this problem, follow these steps:1.In Windows Explorer, locate the folder of the virtual directory, or locate the folder of the Web site.
2.Right-click the folder, and then click Properties.
3.Click the Security tab, and then click Edit.
4.In the Group or user names box, click the account to which you want to grant the Write permission, and then click to select the Write check box.
5.Click OK.

Reference: http://support.microsoft.com/kb/942035
0
 
LVL 21

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 36599317
This is obviously a permission issue.

You can view all the forbidden codes here and select the KB within the code description to see the resolution.
0
 

Author Closing Comment

by:waltforbes
ID: 36599391
HendrikWiese: the codes are what I needed most. Many thanks!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question