Web Debug

Fix broken web applications, from servers to clients.

Troubleshoot IIS 403 errors

IIS 6

  • 403 - Forbidden. You can receive this generic 403 status code if the Web site has no default document set, and the site is not set to allow Directory Browsing. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:
    320051 How to configure the default document in Internet Information Services
  • 403.1 - Execute access forbidden. The following are two common causes of this error message:
    • You do not have enough Execute permissions. For example, you may receive this error message if you try to access an ASP page in a directory where permissions are set to None, or you try to execute a CGI script in a directory with Scripts Only permissions. To modify the Execute permissions, right-click the directory in Microsoft Management Console (MMC), click Properties, click the Directory tab, and make sure that the Execute Permissions setting is appropriate for the content that you are trying to access.
    • The script mapping for the file type that you are trying to execute is not set up to recognize the verb that you are using (for example, GET or POST). To verify this, right-click the directory in Microsoft Management Console, clickProperties, click the Directory tab, click Configuration, and verify that the script mapping for the appropriate file type is set up to allow the verb that you are using.


  • <!--more-->
  • 403.2 - Read access forbidden. Verify that you have set up IIS to allow Read access to the directory. Also, if you are using a default document, verify that the document exists. For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:
    247677 Error Message: 403.2 Forbidden: Read Access Forbidden
  • 403.3 - Write access forbidden. Verify that the IIS permissions and the NTFS permissions are set up to grant Write access to the directory.For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:
    248072 Error Message: 403.3 Forbidden: Write Access Forbidden
  • 403.4 - SSL required. Disable the Require secure channel option, or use HTTPS instead of HTTP to access the page.
  • 403.5 - SSL 128 required. Disable the Require 128-bit encryption option, or use a browser that supports 128-bit encryption to view the page.
  • 403.6 - IP address rejected. You have configured the server to deny access to your current IP address. For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:
    248043 Error Message: 403.6 - Forbidden: IP Address Rejected
  • 403.7 - Client certificate required. You have configured the server to require a certificate for client authentication, but you do not have a valid client certificate installed.
    186812 PRB: Error Message: 403.7 Forbidden: Client Certificate Required
  • 403.8 - Site access denied. You have set up a domain name restriction for the domain that you are using to access the server.For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:
    248032 Error Message: Forbidden: Site Access Denied 403.8
  • 403.9 - Too many users. The number of users who are connected to the server exceeds the connection limit that you have set. For additional information about how to change this limit, click the article number below to view the article in the Microsoft Knowledge Base:
    248074 Error Message: Access Forbidden: Too Many Users Are Connected 403.9

    NOTE: Microsoft Windows 2000 Professional and Windows XP Professional automatically impose a 10-connection limit on IIS. You cannot change this limit.
  • 403.12 - Mapper denied access. The page that you want to access requires a client certificate. However, the user ID that is mapped to the client certificate has been denied access to the file. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
    248075 Error: HTTP 403.12 - Access Forbidden: Mapper Denied Access


 

IIS 7, IIS 7.5, IIS 8


















403.1 Execute access forbidden The appropriatelevel of the Execute permission is not granted. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942065 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.1 - Forbidden"
403.2 Read access forbidden The appropriate level of the Read permission is not granted. Verify that you have set up IIS 7.0, IIS 7.5, and IIS 8.0 to grant the Read permission to the directory. Additionally, if you use a default document, verify that the default document exists. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942036 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.2 - Forbidden"
403.3 Write access forbidden The appropriate level of the Write permission is not granted. Verify that the IIS 7.0, IIS 7.5, and IIS 8.0 permissions and the NTFS file system permissions are set up to grant the Write permission to the directory. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942035 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.3 - Forbidden"
403.4 SSL required The request is made over a nonsecure channel, and the web application requires a Secure Sockets Layer (SSL) connection. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942070 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.4 - Forbidden"
403.5 SSL 128 required The server is configured to require a 128-bit SSL connection. But, the request is not sent by using 128-bit encryption. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942069 Error message when you try to browse a webpage that is hosted on IIS 7.0: "HTTP Error 403.5 - Forbidden"
403.6 IP address rejected The server is configured to deny access to the current IP address. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942068 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.6 - IP Address Rejected"
403.7 Client certificate required The server is configured to require a certificate for client authentication. But, the client browser does not have an appropriate client certificate installed. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942067 Error message when you try to run a web application that is hosted on a server that is running IIS 7.0: "HTTP Error 403.7 - Forbidden"
403.8 Site access denied The server is configured to deny requests based on the Domain Name System (DNS) name of the client computer. For more information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

942066 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.8 - Forbidden"
403.12 Mapper denied access The page that you want to access requires a client certificate. But, the user ID that is mapped to the client certificate is denied access to the file. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942064 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.12 - Client Certificate Denied"
403.13 Client certificate revoked The client browser tries to use a client certificate that was revoked by the issuing certification authority. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942063 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.13 - Forbidden"
403.14 Directory listing denied The server is not configured to display a content directory listing, and a default document is not set. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942062 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.14 - Forbidden"
403.16 Client certificate is untrusted or invalid. The client browser tries to use a client certificate that is not trusted by the server that is running IIS 7.0, IIS 7.5, or IIS 8.0 or that is not valid. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942061 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.16 - Forbidden"
403.17 Client certificate has expired or is not yet valid. The client browser tries to use a client certificate that is expired or that is not yet valid. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942038 Error message when you try to visit a webpage that is hosted on Internet Information Services 7.0: "HTTP Error 403.17 (Forbidden) - The client certificate has expired"
403.18 Cannot execute requested URL in the current application pool. A custom error page is configured, and the custom error page resides in a different application pool than the application pool of the requested URL. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942037 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.18 - Forbidden"
403.19 Cannot execute CGI applications for the client browser in this application pool. The identity of the application pool does not have the Replace a process level token user right. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

942048 Error message when you visit a website that is hosted on IIS 7.0: "HTTP Error 403.19 - Forbidden"

Troubleshoot IIS 400 errors

The Http.sys file blocks IIS from processing the request because of a problem in the request. Typically, this HTTP status code means that the request contains characters or sequences that are not valid or that the request contradicts the security settings in the Http.sys file.

How to troubleshoot HTTP 400 errors
By Mike Laing

When troubleshooting HTTP 400 conditions, first remember that the client has sent a request to IIS that breaks one or more rules that HTTP.sys is enforcing. Then, gather a network trace of the request/response, to see the raw data the client is sending to the server, and the error data the server sends back to the client. Next, get the httperr.log data for the failed request. Finally, use the error message in the browser, the network trace data, and the httperr.log data to pinpoint the failure reason as per KB820729. It is possible that HTTP.sys can be configured to allow the request (although doing so may lower the security level of your IIS server), so check KB820129 to verify.

Troubleshoot Kerberos Errors

Troubleshooting Kerberos Errors

Outlines basic troubleshooting strategies. Summarizes issues that typically cause problems with Kerberos authentication. Lists Kerberos error messages, possible causes, and possible resolutions. Describes tools commonly used to troubleshoot Kerberos authentication problems.

Troubleshooting Kerberos Delegation

Windows internal (memory, object, process, handles)

Want to know more about Windows Kernel? Mark Russinovich wrote a Pushing the Limits series which lead to walk through the Windows internal concepts and mechanisms. Physical/virtual memory, paged/non-paged pool, process, threads, handles, user/GDI objects.

Pushing the Limits of Windows: Physical Memory
One of the most fundamental resources on a computer is physical memory. Windows' memory manager is responsible with populating memory with the code and data of active processes, device drivers, and the operating system itself. Because most systems access more code and data than can fit in physical memory as they run, physical memory is in essence a window into the code and data used over time. The amount of memory can therefore affect performance, because when data or code a process or the operating system needs is not present, the memory manager must bring it in from disk.
Besides affecting performance, the amount of physical memory impacts other resource limits. For example, the amount of non-paged pool, operating system buffers backed by physical memory, is obviously constrained by physical memory. Physical memory also contributes to the system virtual memory limit, which is the sum of roughly the size of physical memory plus the maximum configured size of any paging files. Physical memory also can indirectly limit the maximum number of processes, which I'll talk about in a future post on process and thread limits.

Fork me on GitHub