Welcome to ISAserver.org

403- Forbidden error when trying to access website from outside of the network

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Web Publishing >> 403- Forbidden error when trying to access website from outside of the network

Page: [1]

Message

<< Older Topic Newer Topic >>

403- Forbidden error when trying to access website from... - 17.Sep.2002 3:36:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

When I access my website from outside I get a "403 - Forbidden The sever denies the specified Uniform Resource Locator, etc" message. I have no idea why. Any suggestions?

Week

Post #: 1

Featured Links*

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 5:44:00 PM

tshinder

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Week,

The most common reason for this error is that the Destination Set wasn't configured correctly. Are you using a FQDN in your Destination Set?

Thanks!

Tom

(in reply to weekapaug)

Post #: 2

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 5:46:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

yes I sure am. The destination set is set up as "testdc.testlab.local". I'm trying to access this dns name (that is mapped to my external interface) http://seeatee.servebeer.com I also have TSAC set up on that same web server so I'd like to get http://seeatee.servebeer.com/TSWeb working as well. I followed the TSAC publishing instructions and set the path as "/TSweb" and I get nothing. Thanks for all of your help. My understanding of ISA becomes clearer as each day passes by.

Week

(in reply to weekapaug)

Post #: 3

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 5:48:00 PM

tshinder

Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Week,

The Destination Set needs to include the FQDN the *external* client uses, not the internal name of the server.

HTH,
Tom

(in reply to weekapaug)

Post #: 4

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 5:52:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

I was just responding to say that I changed it and it works. However, the TSAC still doesn't work. I get a page not found when I go to "http://seeatee.servebeer.com/TSWeb" I have a separate destination set created for the TS server with the path as "/TSWeb/*." (have tried just "/TSWeb" too) and then created a server publishing rule for it and still no luck.

Week

(in reply to weekapaug)

Post #: 5

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 6:19:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

I solved my problem (for the most part). The new Remote Desktop app confused me. I haven't installed the TSAC client in some time. I just have to work on authentication for it. I can connect to a server internally via the web but external it says my server is not available after I enter the credentials.

(in reply to weekapaug)

Post #: 6

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 6:48:00 PM

Stoopid

Posts: 53
Joined: 17.Jun.2002
From: Edmonton, Alberta, Canada
Status: offline

Hi Week:

Are you allowing TCP port 3389 through to the Terminal Server you want to connect to using the TSAC client?

Bruce.

(in reply to weekapaug)

Post #: 7

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 6:57:00 PM

skipster

Posts: 550
Joined: 12.Oct.2001
From: newport beach
Status: offline

In your destination set for the TSWEB site your path should be /TSWEB*

(in reply to weekapaug)

Post #: 8

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 7:28:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

yes I have that the same. When the web interface pops up what do I enter into the box next to "Server:" ? I am entering in "testdc" which is the internal server with the TSAC installed. Is this incorrect? I read another post where Tom mentioned that whatever you enter into the box has to be resolvable to the external interface. I'm sorta confused. Thanks.

Week

(in reply to weekapaug)

Post #: 9

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 8:48:00 PM

whisperedlies

Posts: 189
Joined: 7.Jun.2002
From: Ohio
Status: offline

weekapaug-

here's what I had posted in another thread to you about the name you type into the server: box being resolvable:

well.. let's see. to start from the beginning.... in addition to publishing the TSAC site, you use server publishing, and publish the port 3389 (RDP's port) on your external adapter's default IP to an internal server running the RDP protocol. Any traffic to the port 3389 on the default IP of your external adapter will then get forwarded to your terminal server.

so basically, when you publish your TSAC site, whatever you type in as the server name, it gets resolved into an IP. this IP needs to match the IP you've published the RDP protocol to. so as long as you type in a name (or the actual IP) that resolves into this IP, it will work.

so, for instance, if you have one IP mapped, example.servebeer.com, to your ISA server, and you publish RDP to your default IP on the external adapter, example.servebeer.com is going to resolve into the IP of your external adapter. so, more to the point, you should be able to just type in example.servebeer.com, and it will work. heck, you could type in fruitloops.com, and as long as fruitloops.com resolves to the IP you published, it would work (now that was an example, please don't try fruitloops.com)

[ September 17, 2002, 08:49 PM: Message edited by: Mike G. ]

(in reply to weekapaug)

Post #: 10

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 11:16:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

hey there. Thanks for your response. As soon as I sat and thought about it, it made perfect sense. Works like a charm now. Now what if you wanted to TS into another machine on the internal network. How could you do this?

Week

(in reply to weekapaug)

Post #: 11

RE: 403- Forbidden error when trying to access website ... - 17.Sep.2002 11:35:00 PM

whisperedlies

Posts: 189
Joined: 7.Jun.2002
From: Ohio
Status: offline

glad it works! if you want to add another TS server, you'll have to either add another external IP to your ISA server, and create a new mapping to that external IP, and publish RDP 3389 on that new IP to your additional TS server, and you're all set! if you've only got one IP to work with, you'll have to publish the additional TS server to a different port.

here's two tutorials on that:
Publishing the additional TSAC site
Publishing the actual TS to a different port

it could get a little bit tricky. one solution is to install IIS on the second TS server, install TSAC on it, follow the above to change the defaults, then publish this second TSAC site separately.

[ September 17, 2002, 11:43 PM: Message edited by: Mike G. ]

(in reply to weekapaug)

Post #: 12

RE: 403- Forbidden error when trying to access website ... - 18.Sep.2002 4:49:00 PM

weekapaug

Posts: 68
Joined: 19.May2001
Status: offline

Thanks Mike. You rock!

Do you know anything about VPN. I'm trying VPN into my W2k network (AD) from outside and when I make the connection I get to the point where it starts to verify the username and the password but then it reports the error "The remote computer is not responding". I followed Tom's instructions on how to set up the ISA to allow VPN clients. I'm thinking my RAS settings may be off. I'm not positive though. Thanks.

Weekapaug

(in reply to weekapaug)

Post #: 13

RE: 403- Forbidden error when trying to access website ... - 18.Sep.2002 8:09:00 PM

whisperedlies

Posts: 189
Joined: 7.Jun.2002
From: Ohio
Status: offline

Aww shucks, i'm just an amatuer comparatively. god knows i've probably given out a fair share of stupid/wrong advice thus far, but the only way to learn is to exercize what you know. and, hey, at least i try! [Wink]

As far as VPN thru ISA goes, I might not be much help. I haven't gotten that far yet. However I think i'll give it a shot tonite. Sorry to say, then, I don't have any suggestions.

(in reply to weekapaug)

Post #: 14

RE: 403- Forbidden error when trying to access website ... - 18.Sep.2002 8:53:00 PM

whisperedlies

Posts: 189
Joined: 7.Jun.2002
From: Ohio
Status: offline

OK, i just configured it and gave it a shot. It went in without a problem.

When you run that VPN Client wizard, it creates packet filters required to allow VPN through ISA to RRAS on the ISA server. The packet filters are like any other packet filters, they're set to a particular IP address on the external adapter. by default it looks like they use the default IP on the external adapter. so basically, what i'm thinking is, since you get the message that the remote server couldn't be contacted, that these packets aren't getting through. possibly because you aren't directing your VPN client to go to the right IP? if you use a FQDN, the FQDN must resolve into the IP you have these packet filters set on (the default ip on the external adapter by default, remember). additionally, you can use the actual IP address.

I'd give that a shot first, and see what happens. also, make sure the RRAS service gets restarted. finally, check the RRAS access policies to make sure they afford you the permission to log in. finally, when using a login name, make sure they have permission either on the RRAS server, or in the Remote Access Permissions setting under the Dial-In tab on their user object in active directory.

beyond that, i'm not sure what else it could be at this point.

(in reply to weekapaug)

Post #: 15