RE: 403 forbidden with new server

Hello Terry,

Thank you for posting here.

According to your description, I understand that you add a new windows
server 2003 to your SBS 2003 domain, but the windows server 2003 can not
access Internet. If I have misunderstood the problem, please don't hesitate
to let me know.

Based on my research, if you add the windows server 2003 to your SBS 2003
domain as DC, you have to go through the following KB:

How to install Small Business Server 2003 in an existing Active Directory
domain
http://support.microsoft.com/kb/884453

After you correct add the windows server 2003 to your SBS 2003 domain, I
suggest we try the following steps to see if we can resolve this issue:

1. You have to rerun the CEICW to make sure your SBS 2003 server have right
network configuration. Go through the follow KB and Rerun CEICW again
carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

2. Please point the default gateway of this windows server 2003 to SBS
internal interface.

3. Please set the web proxy on windows server 2003 IE:

To be a Web Proxy client, please open IE, click Tools->Internet Options,
and click Connections->LAN Settings, configure ISA server as your Proxy
server (you can enter either the computer name or the internal IP of the
ISA server, port 8080 by default.)

Then, test the issue, if it is persists, please go through the following
steps.

4. Modify Internet Access Rule in ISA server

a. Click Start, point to All Programs, point to Microsoft ISA Server, and
then click ISA Server Management.

b. In the Microsoft Internet Security and Acceleration Server 2004 console,
expand YourServerName, and then click Firewall Policy.

c. In the center pane, find a policy named SBS Internet Access Rule,
double-click it.

d. Click Users tap in SBS Internet Access Rule Properties window, highlight
SBS Internet Users and click Remove button, then click Add button and
double-click All Users

e. Click OK, then click Apply button to save and apply the new
configuration.

If the issue persists, please kindly help me collect some information for
further investigation:

1. Does this issue only happen on this windows server 2003?

2. Do you add the windows server 2003 to your SBS 2003 domain as DC?

3. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

4. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Tmack" <Terry.McKenna@xxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: 403 forbidden with new server
| Date: 16 Mar 2007 05:26:06 -0700
| Organization: http://groups.google.com
| Lines: 19
| Message-ID: <1174047966.643423.316230@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 216.73.166.175
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1174047968 28510 127.0.0.1 (16 Mar 2007
12:26:08 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Fri, 16 Mar 2007 12:26:08 +0000 (UTC)
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET
CLR 1.1.4322; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
| X-HTTP-Via: 1.0 DARKSTAR
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: n76g2000hsh.googlegroups.com; posting-host=216.73.166.175;
| posting-account=hUS5Ew0AAAAlJ5hNgRLJkHhLHD84JB-c
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!news-out.
cwix.com!newsfeed.cwix.com!newscon02.news.prodigy.net!prodigy.net!border1.nn
tp.dca.giganews.com!nntp.giganews.com!postnews.google.com!n76g2000hsh.google
groups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:23298
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I just added a new Server 2k3 to my SBS 2003 w/ ISA 2004
|
| I had previsouly added a diffrent Server 2k3 with no problem, I didn't
| have to configure anything
|
| This server can not access the internet, I can get to the windows
| update site but the update fails with a security error but I can't get
| to any other sites.
|
| Error Code: 403 Forbidden
|
| The ISA server denied the Specified Uniform Resourse Locator (URL)
| (12202)
|
| I can't spell ISA so if that's the problem can somone tell me where to
| look under in the help file to figure this out
|
| Thanks,
|
|

.