• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Getting "Server error: 403 - Forbidden: Access Denied" when trying to access my DA portal

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> Getting "Server error: 403 - Forbidden: Access Denied" when trying to access my DA portal Page: [1]
Login
Message << Older Topic   Newer Topic >>
Getting "Server error: 403 - Forbidden: Access Den... - 29.Apr.2011 11:31:48 AM   
ramadji

 

Posts: 62
Joined: 17.Sep.2008
From: Washington, DC, USA
Status: offline
Hello,

I'm testing UAG DirectAccess but sometimes, when I try to access my portal, I'm getting an error 403: "Server error 403 -0 Forbidden: Access denied. You do not have permission to view this directory or page using the credentials that you supplied." The thing is that I haven't supplied any credentials. I'm just trying to load the homepage of the portal.

Some other times, it works and I see access the published applications(File Access for now) and download/upload files. It's just not very stable and I don't know what I'm doing wrong.

Based on the error, I know it's a permission issue on the IIS but I can't pinpoint the exact problem and I'm afraid to mess with the IIS. Here are the Authentications that I have in place:

Default Web Site:
Anonymous Authentication: ENABLED
Windows Authentication: ENABLED
Everything else is DISABLED.

Main Portal:
Anonymous Authentication: ENABLED
Windows Authentication: ENABLED

Everything else is DISABLED.

Am I doing it the right way or the wrong way? What authentication methods does one need in place to get DA to work smoothly?

Also, once a user connects via DA, what happened to the user network shares? Are they supposed to be connected or disconnected as the user is not physically connected to the network anymore?


What about password management? Are DirectAccess users able to change their passwords and be notified as if they were directly connected to the network?

FYI: I have
- UAG 2010 SP1 installed on a Windows Server 2K8 R2 running on a HP ProLiant DL 360 G7 with 24 GB of RAM.
- I have a Server 2K8 R2 forest with two DC/GCs.
- I have an internal CA,
- a 3rd party SSL certificate for IP-HTTPS,
- a Network Location Server
_ ...

Thanks in advance for your help.

Best regards

Ramadji
Washington, DC
Post #: 1
RE: Getting "Server error: 403 - Forbidden: Access... - 20.May2011 3:41:05 PM   
jshawut

 

Posts: 1
Joined: 20.May2011
Status: offline
I'm assuming you are talking about the IPHTTPS tunnel, the 403 forbidden is the expected result. When you run through the DA configuration, select the URL, the server builds a web interface that isn't exposed through IIS. Is a DA client successful when using IPHTPS? Teredo? 6to4?

Yes, DA users are on the network and will receive PW notifications and can use CTRL-ALT-DEL to change their passwords.

(in reply to ramadji)
Post #: 2
RE: Getting "Server error: 403 - Forbidden: Access... - 26.May2011 3:42:21 PM   
ramadji

 

Posts: 62
Joined: 17.Sep.2008
From: Washington, DC, USA
Status: offline
Thanks for taking your time to respond to my message. I really appreciate that.
 
 It's good to know that DA users will be able to receive password notifications and change their passwords. It will be a great feature for my remote users.

That said, how do I know if a DA client is successful using IPHTTPS/Teredo/6to4?
 
I tried to use a DA Connectivity Assistant on the DA client but itís not working properly.

Can I check the success in the UAG Management interface? I'm very new in the UAG arena so bear with me please.

On the DA Client, I'm seeing the output below in the DA Connectivity Assistant's log file (DCADefaultLog.txt)
∑         C:\Windows\system32\LogSpace\{D71B58C8-BE28-49EE-8F59-15BA571770E2}>netsh int httpstunnel show interfaces

Interface IPHTTPSInterface (Group Policy)  Parameters
------------------------------------------------------------
Role                                       : client
URL                                        : https://wdc-uag2010.domainname:443/IPHTTPS
Last Error Code                 : 0x103
Interface Status                : no usable certificate(s) found

There is a 3rd party SSL certificate for the IPHTTPS Interface so I don't know why the Interface status says "no usable certificate found" above. Something is not working right based on the output above, isn't it?
 
When I run the same command from the DA Server, everything comes back ok. I get the output below:
 
∑         C:\Windows\system32>netsh interface httpstunnel show interfaces
 
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role                       : server
URL                        : https://wdc-UAG2010.domainname:443/IPHTTPS
Client authentication mode : certificates
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active
 
The command below shows that the Teredo server is unreachable over UDP.

C:\Windows\system32\LogSpace\{D71B58C8-BE28-49EE-8F59-15BA571770E2}>netsh int teredo show state
Teredo Parameters
---------------------------------------------
Type                                      : client
Server Name                     : x.x.x.x.x(one of the 2 consecutive public IPs) (Group Policy)
Client Refresh Interval   : 30 seconds
Client Port                           : unspecified
State                                     : offline
Error                                      : primary teredo server unreachable over UDP
 
Any hints, suggestions to help me get DirectAccess right will be greatly appreciated.
 
Thanks

Ramadji

(in reply to jshawut)
Post #: 3
RE: Getting "Server error: 403 - Forbidden: Access... - 26.Jul.2011 4:35:53 PM   
ramadji

 

Posts: 62
Joined: 17.Sep.2008
From: Washington, DC, USA
Status: offline
Dear All:
Just a quick update to say that I finally got UAG DirectAccess to work. My DA Clients are able to access all their network drives from outside my network as if they were directly connected to the office network. Furthermore, they are able to get GPO, change their passwords,....print from home to the office printer,...It's pretty cool.

I only have one problem now. From outside the corporate network, my DA clients are not able to access a URL that I added to my internal DNS records as a CNAME. The web server is located oustide my network so I'm using a CNAME to point to it. I created an exclusion in the NRRT Table to allow DA Clients to use their local TCP/IP settings to connect to the site not the Internal DNS but for some reason, it's not working as I would like to. Every time a DA Client  tries to access the site, the connection times out and the page is never loaded.

Has someone experienced the same problem before in the process of deploying DirectAccess?

Thanks to everybody for your feedback.

Best regards,

_____________________________

Best regards,
Ramadji Doumnande
Washington, DC

(in reply to ramadji)
Post #: 4
RE: Getting "Server error: 403 - Forbidden: Access... - 5.Apr.2016 1:07:53 AM   
jeje

 

Posts: 145
Joined: 4.Apr.2016
Status: offline
http://www.uggoutlet.uk
ralph lauren online,cheap ralph lauren
michael kors outlet
ralph lauren online
jordans for cheap
Michael Kors Purses
michael kors outlet store
mlb jerseys authentic
michael kors handbags
michael kors factory outlet
tiffany jewelry
jordan retro
chrome hearts online store
air huarache shoes
chrome hearts
http://www.chromehearts.in.net
michael kors handbags
kobe byrant shoes
Air Jordan 11
true religion
michael kors outlet store
toms outlet store
tiffany and co uk
oakley sunglasses
louis vuitton handbags
christian louboutin outlet
fitflops outlet
michael kors outlet
mlb jerseys authentic
kobe shoes
Cheap Jordans For Sale
michael kors outlet online
true religion sale
coach outlet online
Cheap Jordans For Sale
michael kors factory outlet
http://www.airhuaraches.org.uk
chrome hearts online
tiffany and co jewellery
http://www.michaelkors-outletfactory.us.com
Michael Kors Outlet Online
cheap nfl jerseys
tiffany and co
michael kors handbags
white huaraches
tiffany and co outlet
cheap oakleys
tiffany online
cheap jordans
air jordan retro
cheap real jordans
huaraches sale
cheap true religion
tiffany jewellery
cheap uggs
true religion store
jordans for cheap
kobe basketball shoes
jordan retro
oakley store online
toms outlet store
tiffany and co uk
kobe sneakers
michael kors outlet online
michael kors handbags
fitflops outlet
toms outlet
michael kors outlet
chrome hearts online store
michael kors outlet
cheap air jordan
cheap rolex watches
ray ban sunglasses outlet
michael jordan shoes
michael kors outlet
cheap jerseys from china
ray ban uk,cheap ray ban sunglasses
nfl jerseys
michael kors outlet
michael kors outlet store
air jordan shoes
tiffany and co outlet
nfl jerseys
tiffany and co jewelry
replica christian louboutin
huaraches shoes
nike zoom kobe
tiffany and co outlet
true religion jeans
air jordans,cheap air jordans,air jordan shoes,air jordan 11,air jordan 13,air jordan 6,air jordan 4
michael kors outlet
michael kors handbags,michael kors handbags clearance,michael kors clearance
cheap oakley sunglasses
michael kors handbags sale
Michael Kors Online Outlet
fitflop sandals
tiffany and co outlet
tiffany jewelry
Cheap Jerseys Online
ray ban sunglasses outlet
oakley sunglasses
discount sunglasses
http://www.oakleystoreonline.us.org
michael kors outlet online
tiffany and co jewellery
cheap air jordan
ralph lauren uk
chrome hearts wholesale
cheap air jordans
oakley sunglasses wholesale
christian louboutin outlet
michael kors handbags
michael kors outlet online
nike kobe sneakers
http://www.outlettiffanyand.co
ralph lauren polo shirts
cheap true religion jeans
http://www.raybanglasses.in.net
michael jordan shoes
cheap jordans online
fitflops sale
http://www.oakley-sunglass.in.net
air jordan
michael kors handbags
nike dunks
michael kors outlet
cheap authentic jordans
tiffany and co outlet online
michael kors outlet online
nfl jerseys
toms outlet store
fitflop sandals
air huarache shoes
basketball shoes
retro jordans
michael kors outlet
christian louboutin shoes
oakley sunglasses,oakley outlet sunglasses
fitflops clearance
christian louboutin outlet
cheap tiffanys
cheap jordan shoes
http://www.chromehearts.com.co
http://www.cheapbasketballshoes.us.com
http://www.cheapairjordan.us
ray ban sunglasses
black huaraches
air huarache shoes
oakley sunglasses
cheap basketball shoes
fitflops clearance
kobe byrant shoes
michael kors handbags clearance
http://www.nikedunks.us.org
kobe shoes
Cheap NFL Jerseys China
tiffany online
Michael Kors Outlet Store
huaraches shoes,men huaraches,women huaraches,kid huaraches
ray ban sunglasses
kobe basketball shoes
kobe shoes
oakley vault
huaraches shoes
mlb jerseys authentic
fitflops
michael kors handbags outlet
jordan shoes on sale
http://www.michaelkors-outletwebsite.com
air jordan retro
discount oakley sunglasses
Michael Kors Outlet Online
ugg outlet

(in reply to ramadji)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> DirectAccess >> Getting "Server error: 403 - Forbidden: Access Denied" when trying to access my DA portal Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts