This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP ERROR 403 after upgrading my Test server from SBM v11.8 to v12.1

I've just upgraded my Test server, which is controlled by DISA, from SBM v11.8 to v12.1 and installed APLS v2022.08 on the same server.

I ran into this 403 error everytime I tried to access the work center using both Chrome and Edge. I cleared browser data all the time and when I ran "nslookup" I also got the response without Time Out issue, but there's no way for me to access the work center. I upgraded my Development server a few months ago and everything worked fine because this environment is in my project network. Does anyone experience the same issue? Any suggestions please? 

Parents
  • Verified Answer

    +1  

        We need to determine what is generating the 403 issue.  

    First, ensure that IIS Logging is enabled on workcenter, gsoap and sbmconnector.  Then, check the IIS logs to get the 403.X error if one exists.   The .X will tell us a lot if you are getting the 403 on IIS. Open DevTools and verify which URL is giving you the 403 error.

    Next, in the URL you have the hostname,  Copy the URL and paste it into notepad.  Do you see a "continue" or "wreply" query parameter that references a hostname different from the URL hostname?  If so, look at Configurator > Authentication > SSO  Protected Hosts and verify that this other hostname is there.  If it is and you have an asterisk next to Authentication, the solution may be to just apply Configurator again.  Perhaps, the SBM IDP is throwing the error.

Reply
  • Verified Answer

    +1  

        We need to determine what is generating the 403 issue.  

    First, ensure that IIS Logging is enabled on workcenter, gsoap and sbmconnector.  Then, check the IIS logs to get the 403.X error if one exists.   The .X will tell us a lot if you are getting the 403 on IIS. Open DevTools and verify which URL is giving you the 403 error.

    Next, in the URL you have the hostname,  Copy the URL and paste it into notepad.  Do you see a "continue" or "wreply" query parameter that references a hostname different from the URL hostname?  If so, look at Configurator > Authentication > SSO  Protected Hosts and verify that this other hostname is there.  If it is and you have an asterisk next to Authentication, the solution may be to just apply Configurator again.  Perhaps, the SBM IDP is throwing the error.

Children
  • 0 in reply to   

    Thank you David for your suggestions and I'm really sorry for my late response, because I've been too busy to try out all possibilities to resolve the issue.

    - At first, from the IIS log file, the error was 403 - 16 related to the certificate so I have to re-import all DOD certificate. After this action, I no longer see 403 - 16 error from the log.

    - However, I now see the error as "403 keep alive". The hostname shown in the URL or the one next to wreply and the one under Configurator > Authentication > SSO Protected Hosts is the same one.

    From the web browser using the Developer tools, the error is "Failed to load resource: the server responded with a status of 403 ()"