Error 403 forbidden on remote machines

I have a frustrating problem with IIS.

We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
Server 2007 running on it, and all was working fine.

Then someone attempted to install Microsoft Data Protection Manager onto
the server, and Removed all SSL requirements on the default web site in
order to install it. The install failed and he then removed DPM.

Since then, however, we have been unable to access OWA or sharepoint
properly from remote machines, but it works fine on the machine itself.

The error is HTTP Error 403.2 - Forbidden: Read access is denied.

I've been looking in IIS trying to find what is blocked and where, but
unable to find anything. I know its a IIS permissions problem, but its
frustrating because I cannot find the cause although I know its the same
error for both.

From the IIS logs I have for the OWA error

Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
403 2 5
2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
/owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX

and for the sharepoint error

2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
/_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
192.168.124.59
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
200 0 0

Re: Error 403 forbidden on remote machines

Hmm,

For "read access denied", open IIS Manager and locate the relevant folder.
On the "Home Directory" or "Directory" tab, check the "Read" permissions
checkbox.

For the second request below (the Sharepoint one) the HTTP status is 200 OK

Cheers
Ken


"Jason Ede" wrote in message
news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>I have a frustrating problem with IIS.
>
> We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
> Server 2007 running on it, and all was working fine.
>
> Then someone attempted to install Microsoft Data Protection Manager onto
> the server, and Removed all SSL requirements on the default web site in
> order to install it. The install failed and he then removed DPM.
>
> Since then, however, we have been unable to access OWA or sharepoint
> properly from remote machines, but it works fine on the machine itself.
>
> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>
> I've been looking in IIS trying to find what is blocked and where, but
> unable to find anything. I know its a IIS permissions problem, but its
> frustrating because I cannot find the cause although I know its the same
> error for both.
>
> From the IIS logs I have for the OWA error
>
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
> 403 2 5
> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>
> and for the sharepoint error
>
> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
> 192.168.124.59
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
> 200 0 0

Re: Error 403 forbidden on remote machines

Ken Schaefer wrote:
> Hmm,
>
> For "read access denied", open IIS Manager and locate the relevant
> folder. On the "Home Directory" or "Directory" tab, check the "Read"
> permissions checkbox.

I have gone through the tree looking for those errors. I still get
access denied, but a slightly different log entry as well.. Read
permissions are definitely enabled on /owa... There are no ip
restrictions that I can see on it either.

2007-09-18 12:49:35 W3SVC1 192.168.124.15 GET /owa - 443 bhl\j.ede
192.168.124.59
Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
403 2 5

> For the second request below (the Sharepoint one) the HTTP status is 200 OK

Damn, pasted the wrong line...

2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
/_layouts/images/recycbin.gif - 80 BHL\j.ede 192.168.124.59
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
403 2 5

>
> Cheers
> Ken
>
>
> "Jason Ede" wrote in message
> news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>> I have a frustrating problem with IIS.
>>
>> We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
>> Server 2007 running on it, and all was working fine.
>>
>> Then someone attempted to install Microsoft Data Protection Manager
>> onto the server, and Removed all SSL requirements on the default web
>> site in order to install it. The install failed and he then removed DPM.
>>
>> Since then, however, we have been unable to access OWA or sharepoint
>> properly from remote machines, but it works fine on the machine itself.
>>
>> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>>
>> I've been looking in IIS trying to find what is blocked and where, but
>> unable to find anything. I know its a IIS permissions problem, but its
>> frustrating because I cannot find the cause although I know its the
>> same error for both.
>>
>> From the IIS logs I have for the OWA error
>>
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>> 403 2 5
>> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
>> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>>
>> and for the sharepoint error
>>
>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
>> 192.168.124.59
>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>> 200 0 0
>

Re: Error 403 forbidden on remote machines

Hmm, unfortunately I am not familiar with with changes DPM makes to IIS.
Normally 403.2 error indicates you need to check that "Read" checkbox in
IIS.

Sharepoint is different - it uses an ISAPI filter to intercept requests
(except Sharepoint/MOSS 2007 - it uses an ASP.NET HTTP Module after mapping
all requests to ASP.NET). That ISAPI filter can return whatever arbitrary
HTTP status it wants without regard to IIS configuration/settings.

I think you need to try to find out what changes DPM installation makes to
your IIS server. It maybe that DPM uninstallation didn't quite work
properly...

Cheers
Ken

"Jason Ede" wrote in message
news:e5ivZPf%23HHA.4712@TK2MSFTNGP04.phx.gbl...
> Ken Schaefer wrote:
>> Hmm,
>>
>> For "read access denied", open IIS Manager and locate the relevant
>> folder. On the "Home Directory" or "Directory" tab, check the "Read"
>> permissions checkbox.
>
> I have gone through the tree looking for those errors. I still get access
> denied, but a slightly different log entry as well.. Read permissions are
> definitely enabled on /owa... There are no ip restrictions that I can see
> on it either.
>
> 2007-09-18 12:49:35 W3SVC1 192.168.124.15 GET /owa - 443 bhl\j.ede
> 192.168.124.59
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
> 403 2 5
>
>> For the second request below (the Sharepoint one) the HTTP status is 200
>> OK
>
> Damn, pasted the wrong line...
>
> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
> /_layouts/images/recycbin.gif - 80 BHL\j.ede 192.168.124.59
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
> 403 2 5
>
>>
>> Cheers
>> Ken
>>
>>
>> "Jason Ede" wrote in message
>> news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>>> I have a frustrating problem with IIS.
>>>
>>> We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
>>> Server 2007 running on it, and all was working fine.
>>>
>>> Then someone attempted to install Microsoft Data Protection Manager onto
>>> the server, and Removed all SSL requirements on the default web site in
>>> order to install it. The install failed and he then removed DPM.
>>>
>>> Since then, however, we have been unable to access OWA or sharepoint
>>> properly from remote machines, but it works fine on the machine itself.
>>>
>>> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>>>
>>> I've been looking in IIS trying to find what is blocked and where, but
>>> unable to find anything. I know its a IIS permissions problem, but its
>>> frustrating because I cannot find the cause although I know its the same
>>> error for both.
>>>
>>> From the IIS logs I have for the OWA error
>>>
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>>> 403 2 5
>>> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
>>> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>>>
>>> and for the sharepoint error
>>>
>>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>>> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
>>> 192.168.124.59
>>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>>> 200 0 0
>>

Re: Error 403 forbidden on remote machines

I just checked the /OWA directory on an Exchange 2007 CAS server here, and
the "Read' checkbox is checked. If you are still getting 403.2 errors for
that folder, then something else is generating that status...

Cheers
Ken

"Ken Schaefer" wrote in message
news:OV6OWYf%23HHA.1900@TK2MSFTNGP02.phx.gbl...
> Hmm, unfortunately I am not familiar with with changes DPM makes to IIS.
> Normally 403.2 error indicates you need to check that "Read" checkbox in
> IIS.
>
> Sharepoint is different - it uses an ISAPI filter to intercept requests
> (except Sharepoint/MOSS 2007 - it uses an ASP.NET HTTP Module after
> mapping all requests to ASP.NET). That ISAPI filter can return whatever
> arbitrary HTTP status it wants without regard to IIS
> configuration/settings.
>
> I think you need to try to find out what changes DPM installation makes to
> your IIS server. It maybe that DPM uninstallation didn't quite work
> properly...
>
> Cheers
> Ken
>
> "Jason Ede" wrote in message
> news:e5ivZPf%23HHA.4712@TK2MSFTNGP04.phx.gbl...
>> Ken Schaefer wrote:
>>> Hmm,
>>>
>>> For "read access denied", open IIS Manager and locate the relevant
>>> folder. On the "Home Directory" or "Directory" tab, check the "Read"
>>> permissions checkbox.
>>
>> I have gone through the tree looking for those errors. I still get access
>> denied, but a slightly different log entry as well.. Read permissions are
>> definitely enabled on /owa... There are no ip restrictions that I can see
>> on it either.
>>
>> 2007-09-18 12:49:35 W3SVC1 192.168.124.15 GET /owa - 443 bhl\j.ede
>> 192.168.124.59
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>> 403 2 5
>>
>>> For the second request below (the Sharepoint one) the HTTP status is 200
>>> OK
>>
>> Damn, pasted the wrong line...
>>
>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>> /_layouts/images/recycbin.gif - 80 BHL\j.ede 192.168.124.59
>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>> 403 2 5
>>
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>> "Jason Ede" wrote in message
>>> news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>>>> I have a frustrating problem with IIS.
>>>>
>>>> We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
>>>> Server 2007 running on it, and all was working fine.
>>>>
>>>> Then someone attempted to install Microsoft Data Protection Manager
>>>> onto the server, and Removed all SSL requirements on the default web
>>>> site in order to install it. The install failed and he then removed
>>>> DPM.
>>>>
>>>> Since then, however, we have been unable to access OWA or sharepoint
>>>> properly from remote machines, but it works fine on the machine itself.
>>>>
>>>> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>>>>
>>>> I've been looking in IIS trying to find what is blocked and where, but
>>>> unable to find anything. I know its a IIS permissions problem, but its
>>>> frustrating because I cannot find the cause although I know its the
>>>> same error for both.
>>>>
>>>> From the IIS logs I have for the OWA error
>>>>
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>>>> 403 2 5
>>>> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
>>>> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>>>>
>>>> and for the sharepoint error
>>>>
>>>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>>>> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
>>>> 192.168.124.59
>>>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>>>> 200 0 0
>>>
>

Re: Error 403 forbidden on remote machines

Cheers for the help Ken.

I think DPM caused the problem when it was installed and removed. Having
not done the installation and removal personally I've only got feedback
from the person that did it and that appears to be limited to it failed
so they removed it. The only other info I have is that they did a global
replace on turning off SSL requirements on the IIS branch of default
website.

I wonder if DPM affected a 'hidden' permissions parameter that the IIS
metabase editor would show up...

Jason

Ken Schaefer wrote:
> I just checked the /OWA directory on an Exchange 2007 CAS server here,
> and the "Read' checkbox is checked. If you are still getting 403.2
> errors for that folder, then something else is generating that status...
>
> Cheers
> Ken
>
> "Ken Schaefer" wrote in message
> news:OV6OWYf%23HHA.1900@TK2MSFTNGP02.phx.gbl...
>> Hmm, unfortunately I am not familiar with with changes DPM makes to
>> IIS. Normally 403.2 error indicates you need to check that "Read"
>> checkbox in IIS.
>>
>> Sharepoint is different - it uses an ISAPI filter to intercept
>> requests (except Sharepoint/MOSS 2007 - it uses an ASP.NET HTTP Module
>> after mapping all requests to ASP.NET). That ISAPI filter can return
>> whatever arbitrary HTTP status it wants without regard to IIS
>> configuration/settings.
>>
>> I think you need to try to find out what changes DPM installation
>> makes to your IIS server. It maybe that DPM uninstallation didn't
>> quite work properly...
>>
>> Cheers
>> Ken
>>
>> "Jason Ede" wrote in message
>> news:e5ivZPf%23HHA.4712@TK2MSFTNGP04.phx.gbl...
>>> Ken Schaefer wrote:
>>>> Hmm,
>>>>
>>>> For "read access denied", open IIS Manager and locate the relevant
>>>> folder. On the "Home Directory" or "Directory" tab, check the "Read"
>>>> permissions checkbox.
>>>
>>> I have gone through the tree looking for those errors. I still get
>>> access denied, but a slightly different log entry as well.. Read
>>> permissions are definitely enabled on /owa... There are no ip
>>> restrictions that I can see on it either.
>>>
>>> 2007-09-18 12:49:35 W3SVC1 192.168.124.15 GET /owa - 443 bhl\j.ede
>>> 192.168.124.59
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>>> 403 2 5
>>>
>>>> For the second request below (the Sharepoint one) the HTTP status is
>>>> 200 OK
>>>
>>> Damn, pasted the wrong line...
>>>
>>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>>> /_layouts/images/recycbin.gif - 80 BHL\j.ede 192.168.124.59
>>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>>> 403 2 5
>>>
>>>>
>>>> Cheers
>>>> Ken
>>>>
>>>>
>>>> "Jason Ede" wrote in message
>>>> news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>>>>> I have a frustrating problem with IIS.
>>>>>
>>>>> We have a W2003R2 64 bit OS running with Exchange 2007 and
>>>>> Sharepoint Server 2007 running on it, and all was working fine.
>>>>>
>>>>> Then someone attempted to install Microsoft Data Protection Manager
>>>>> onto the server, and Removed all SSL requirements on the default
>>>>> web site in order to install it. The install failed and he then
>>>>> removed DPM.
>>>>>
>>>>> Since then, however, we have been unable to access OWA or
>>>>> sharepoint properly from remote machines, but it works fine on the
>>>>> machine itself.
>>>>>
>>>>> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>>>>>
>>>>> I've been looking in IIS trying to find what is blocked and where,
>>>>> but unable to find anything. I know its a IIS permissions problem,
>>>>> but its frustrating because I cannot find the cause although I know
>>>>> its the same error for both.
>>>>>
>>>>> From the IIS logs I have for the OWA error
>>>>>
>>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>>>>> 403 2 5
>>>>> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
>>>>> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>>>>>
>>>>> and for the sharepoint error
>>>>>
>>>>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>>>>> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
>>>>> 192.168.124.59
>>>>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>>>>> 200 0 0
>>>>
>>
>

Re: Error 403 forbidden on remote machines

Has anyone got any thoughts on how to troubleshoot this problem? I
really need to get webmail and sharepoint up and running again soon.

Jason

Jason Ede wrote:
> Ken Schaefer wrote:
>> Hmm,
>>
>> For "read access denied", open IIS Manager and locate the relevant
>> folder. On the "Home Directory" or "Directory" tab, check the "Read"
>> permissions checkbox.
>
> I have gone through the tree looking for those errors. I still get
> access denied, but a slightly different log entry as well.. Read
> permissions are definitely enabled on /owa... There are no ip
> restrictions that I can see on it either.
>
> 2007-09-18 12:49:35 W3SVC1 192.168.124.15 GET /owa - 443 bhl\j.ede
> 192.168.124.59
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
> 403 2 5
>
>> For the second request below (the Sharepoint one) the HTTP status is
>> 200 OK
>
> Damn, pasted the wrong line...
>
> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
> /_layouts/images/recycbin.gif - 80 BHL\j.ede 192.168.124.59
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
> 403 2 5
>
>>
>> Cheers
>> Ken
>>
>>
>> "Jason Ede" wrote in message
>> news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>>> I have a frustrating problem with IIS.
>>>
>>> We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
>>> Server 2007 running on it, and all was working fine.
>>>
>>> Then someone attempted to install Microsoft Data Protection Manager
>>> onto the server, and Removed all SSL requirements on the default web
>>> site in order to install it. The install failed and he then removed DPM.
>>>
>>> Since then, however, we have been unable to access OWA or sharepoint
>>> properly from remote machines, but it works fine on the machine itself.
>>>
>>> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>>>
>>> I've been looking in IIS trying to find what is blocked and where,
>>> but unable to find anything. I know its a IIS permissions problem,
>>> but its frustrating because I cannot find the cause although I know
>>> its the same error for both.
>>>
>>> From the IIS logs I have for the OWA error
>>>
>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>>> 403 2 5
>>> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
>>> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>>>
>>> and for the sharepoint error
>>>
>>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>>> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
>>> 192.168.124.59
>>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>>> 200 0 0
>>

Re: Error 403 forbidden on remote machines

I think you need to find out exactly what was changed during the DPM
install/uninstall.

Otherwise, we are just looking for needles in a haystack given that we don't
know what your actual configuration is. Simply disabling and then
re-enabling the "require SSL" setting does not cause this problem (since I
tried that with an Ex2007 CAS box I have here).

Cheers
Ken

"Jason Ede" wrote in message
news:%23Kk7$0p%23HHA.5464@TK2MSFTNGP02.phx.gbl...
> Has anyone got any thoughts on how to troubleshoot this problem? I really
> need to get webmail and sharepoint up and running again soon.
>
> Jason
>
> Jason Ede wrote:
>> Ken Schaefer wrote:
>>> Hmm,
>>>
>>> For "read access denied", open IIS Manager and locate the relevant
>>> folder. On the "Home Directory" or "Directory" tab, check the "Read"
>>> permissions checkbox.
>>
>> I have gone through the tree looking for those errors. I still get access
>> denied, but a slightly different log entry as well.. Read permissions are
>> definitely enabled on /owa... There are no ip restrictions that I can see
>> on it either.
>>
>> 2007-09-18 12:49:35 W3SVC1 192.168.124.15 GET /owa - 443 bhl\j.ede
>> 192.168.124.59
>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>> 403 2 5
>>
>>> For the second request below (the Sharepoint one) the HTTP status is 200
>>> OK
>>
>> Damn, pasted the wrong line...
>>
>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>> /_layouts/images/recycbin.gif - 80 BHL\j.ede 192.168.124.59
>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>> 403 2 5
>>
>>>
>>> Cheers
>>> Ken
>>>
>>>
>>> "Jason Ede" wrote in message
>>> news:eNANcae%23HHA.1208@TK2MSFTNGP05.phx.gbl...
>>>> I have a frustrating problem with IIS.
>>>>
>>>> We have a W2003R2 64 bit OS running with Exchange 2007 and Sharepoint
>>>> Server 2007 running on it, and all was working fine.
>>>>
>>>> Then someone attempted to install Microsoft Data Protection Manager
>>>> onto the server, and Removed all SSL requirements on the default web
>>>> site in order to install it. The install failed and he then removed
>>>> DPM.
>>>>
>>>> Since then, however, we have been unable to access OWA or sharepoint
>>>> properly from remote machines, but it works fine on the machine itself.
>>>>
>>>> The error is HTTP Error 403.2 - Forbidden: Read access is denied.
>>>>
>>>> I've been looking in IIS trying to find what is blocked and where, but
>>>> unable to find anything. I know its a IIS permissions problem, but its
>>>> frustrating because I cannot find the cause although I know its the
>>>> same error for both.
>>>>
>>>> From the IIS logs I have for the OWA error
>>>>
>>>> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.1)
>>>> 403 2 5
>>>> 2007-09-18 11:22:11 W3SVC1 192.168.124.15 GET
>>>> /owa/8.0.744.0/themes/base/bsd.gif - 443 bhl\j.ede XXX.XXX.XXX.XXX
>>>>
>>>> and for the sharepoint error
>>>>
>>>> 2007-09-18 10:33:04 W3SVC2129811787 192.168.124.16 GET
>>>> /_themes/Obsidian/viewheadergrad_obsidian.gif - 80 BHL\j.ede
>>>> 192.168.124.59
>>>> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+ 1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30)
>>>> 200 0 0
>>>