403 - Forbidden: Access is denied


  • Dear valuable users


    We are in the process of testing HNLB FOR CAS AND HUB.

    when we try to access owa through HNLB it is gets the following error

    403 - Forbidden: Access is denied

    You do not have permission to view this directory or page using the credentials that you su

    But through WNLB everything  wokking as normal

    any help or hint greatly apprecited




    Saturday, September 17, 2011 2:14 PM


All replies

  • Hi Ashraf,

    Can you inform the below things

    1. are you getting this error, when entering the URL ? are you trying the URL from External domain?

    2. This error, its appearing after the credentials in OWA login page?

    3. your HNLB will have a common IP address, is that NAT to Public IP, which will resolve name to HNLB

    Access Denied, it will be only because of in proper credential. Make sure, you are check owa for a user having valid mailbox and you are entering proper credential to access OWA.

    Thank you

    Sunday, September 18, 2011 4:19 AM

    Hi Rajkumar

    1.yes we are getting this error  when we try to access

    2.Firstly it gets this error I mean before the login

    3.HNLB have common IP address and this error getting when we try to access from our Internal network. From outside we did not checked

    But for using same  HNLB Outlook is working




    Sunday, September 18, 2011 5:20 AM
  • Hi Ashraf,

    I am suspecting it is caused by virtual directory related issue, see (I assume there is no firewall exist when you receive this error).

    To troubleshoot this error, please launch IE in each CAS server and try to access https://localhost/owa.

    Besides, verify the /owa settings on each CAS server based on the article:

    Hope it is useful. Let me know if you have any further question.

    Monday, September 19, 2011 7:11 AM
  • any update?
    Tuesday, September 20, 2011 7:30 AM

    Still we are working on it.

    When we uncheck the ssl settings in IIS of CAS1 .It is working throgh HNLB and no error.

    But CAS2 and CAS3 with SSL also working

    So now we confused where we need look the problem


    Tuesday, September 20, 2011 8:03 AM
  • Hi Ashraf,

    SSL is recommended to enabled on /OWA virtual directory. I'd suggest you verify the IIS log in server CAS1 to see the detaile error code, for example, 403.7 - Client certificate required.

    Besides, check the root web site to see if there is redirect configuration, or incorrect IP binding.


    Wednesday, September 21, 2011 2:54 AM
  • Any update?
    Thursday, September 22, 2011 8:33 AM

    I did not find any erros in IIS server

    is it in Event viewer right?

    Thursday, September 22, 2011 11:42 AM
  • No the IIS log under the webroot folder on the system drive.

    What i find funny is that it works on HTTP but not on HTTPS. Check the bindings on your default web site.

    Thursday, September 22, 2011 12:02 PM