2

I have a Windows 2012r2 server running IIS 8 on a virtual machine.

I set up two sites and pointed them to the D: drive.

d:\data\site1
d:\data\site2

and it was working, or so I thought. I originally set up /site2 first to test basic functionality, which worked, and then started configuring /site1. I got that working as well. (mysql and php worked and loaded pages)

I just went to load the site2 address and it was giving a "403 - Forbidden: Access is denied" error. /site1 still worked. I played around with /site2 to see why it wasn't working and couldn't figure it out. I didn't modify folder/file permissions to cause this error.

I pointed /site1 at the /site2 directory and that worked at that time. I thought maybe the AppPool was messed up somehow so I deleted both AppPools and both Sites to just start over, leaving the web content alone on the D: drive.

I recreated both site1 and site2 and now both give a 403 error. I can't get either one to work.

The IIS log shows: 403 1393 [ip address of client]

As a test, I pointed site1 to the original c:/inetpub/wwwroot directory and that too gives error 403.

So I don't think the problem is folder/file permission related. It's also not Default Document related because I all folders have a default.html file and the Default Document setting has that. I even tried manually adding /default.html to the url and that fails with 403.

I don't have any IP restrictions configured and browsing locally fails as well.

I've installed a handful of security updates and have rebooted since the last time site2 worked but don't know what else might've changed that would cause this because I've been working on configuring site1.

It feels like it's a server or IIS wide issue because any newly created site now will not load.

What else can I check?

Thanks!

mindmischief
  • 172
  • 2
  • 2
  • 9
  • In the IIS logs what is the sub code on the 403 error? Check it against this list https://support.microsoft.com/en-us/kb/943891 – Mass Nerder Oct 22 '15 at 21:27
  • The log at C:\inetpub\logs\LogFiles\test2\W3SVC1 only shows "403 1393 ip". It doesn't have a subcode in the format of 403.x. – mindmischief Oct 22 '15 at 22:00
  • In IIS are you in logging in W3C format? Have you added or removed fields? It should be in the format of `sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken` the IP should not be after the error code. the 1393 seems like it could be the PID maybe – Mass Nerder Oct 22 '15 at 22:13
  • ah, thanks. I enabled sc-substatus and now the log shows "403 503". – mindmischief Oct 22 '15 at 22:19
  • Thats still not a sub code for a 403 error. this will help you reset your logging if you need to http://www.iis.net/learn/manage/provisioning-and-managing-iis/configure-logging-in-iis – Mass Nerder Oct 22 '15 at 22:31
  • I changed the logging to only log sc-status and sc-substatus and it returned: #Fields: sc-status sc-substatus 403 503 – mindmischief Oct 22 '15 at 22:33

2 Answers2

5

Here's how I got my IIS fixed after getting random 403's all over.

1

2

3

paul-2011
  • 165
  • 1
  • 6
2

I did have IP Address and Domain Restrictions enabled but at the site level. Under "Edit Feature Settings..." it was set for 'deny' for 'Access for unspecified clients'.

Because there wasn't a separate entry under the main setting I thought it was not in use.

I think the 403 503 error indicates that an IP restriction is set.

http://forums.iis.net/t/1210696.aspx

mindmischief
  • 172
  • 2
  • 2
  • 9