Getting 403 errors what is wrong?

Getting 403 errors what is wrong?

Users are seeing a Jetty 403 forbidden error from webNetwork, when launching a webApp.

Things to check:
  1. The DNS Name field on the relay object is blank.
  2. The External port set in the webApp is not already used on the relay.  Usually only applies to Dedicated Port webApps.
  3. The Virtual DNS name is not already used by another map/webApp/virtual host (requires restarting webNetwork after making Virtual DNS name unique).
  4. Had various webApps at one time using same virtual DNS name, that have since been removed.  Server is now confused and requires a restart to clear out all the previous old webApp configurations from memory.  Related to #3.
  5. The link was created using the Access Control option of webApp.
    (if you have a custom link, you still need a web application link to give user rights)
  6. User has been assigned the webApp's link.
  7. WebApp is assigned to the relay(s).
  8. Relay can communicate to the webApp's host address on the port specified.
  9. Created a custom web page to launch webApp, but user is not assigned the webApp generated link.
  10. If you have multiple relay servers, check if it is just one relay server that has error.
  11. webApp's Virtual DNS name is not in same domain as the relay's DNS name.
  12. If using clustering, check cluster is up for all nodes.  Also check there are no cluster communication issues between the loaders.
  13. If launching webApp from custom link, be sure case is correct.  Our web server uses case sensitive URLs.
  14. Check that the Virtual DNS name for the webApp is resolvable by the relay and the client machine.
  15. Check to make sure you do not have any leading or trailing spaces on the DNS name in host or webApp objects.
  16. Make sure that if you are using SecureByIP option on webApp, that you are using a valid login policy to login with.
  17. Make sure you are accessing the portal using a DNS name and NOT an IP number.
  18. Remove any underscores from the Virtual DNS name. Underscores are not good to use because not all browsers and systems handle them the same way.
  19. Check other browsers, if it is just IE, check the Trusted internet zones / Trusted intranet zone and Trusted sites. You should have *.domain in the Intranet zone. This can cause the cstonesessionid cookie to not be sent and thus a 403 error because you are not authenticated.
  20. Turn on Anonymous access for the webApp temporarily. If it works then the stoneware cookie is not being sent.
  21. If using a load balancer, and your loaders are not clustered, make sure the load balancer is sending all communication back to the same relay.
  22. The "Rights URL" field, on the link, contains a valid URL.

Keywords: webapp 403 external dns

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Change Reset Password Button Text

        Change the text of the "Reset Password" button on the UW Login Page How to change the text of the Reset Password button on the Login Page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants ...
      • Remove Reset Password Button From Login Page

        Remove the Reset Password Button from the Login Page How to remove the Reset Password button from the Unified Workspace login page. Login to webNetwork and open webAdmin on your Relay Central Server Expand Customization Center Expand Tenants Expand ...
      • Lenovo Unified Workspace End-of-Life Questions and Answers

        As of January 31st 2024, Lenovo Unified Workspace (formerly Stoneware WebNetwork) is no longer supported. This means that we no longer provide licenses, downloads, updates, patches, or technical assistance for this product. If you have any questions ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • Related Articles

      • Client side SSO errors

        The customer is getting the following errors when trying to use the client side SSO features in webNetwork for RDP / Citrix.  The first error:  The relay path of 192.168.9.29/axis/services/WebNetworkPortalService is not a valid format.  The second ...
      • DNS Errors

        Customer is having issues talking to active directory and ran a dns test with the results INFO: exploring forest using domain controller: server1.company.com  >>>>>: (DNS) - testing domain: COMPANY  INFO: according to DNS, the following services are ...
      • Errors connecting to RDP device.

        This means that the user's machine is unable to connect to the backend server.  This can happen for a variety of reasons  Some things to check:  1) Make sure your workstation is fully patched. Example: SP3 for Windows XP  a) The updated RDP 6 from ...
      • MS AD LDAP bind errors.

        LDAP error code 49 is the generic code for authentication error.  https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of java ldap top level error codes.  To fully understand the error you need the rest of ...
      • Errors during the upgrade of webNetwork.

        When upgrading webNetwork to the latest version you may see the following errors in the webNetworktrace.log or the 8090 management console wizard logs. Upgrade Wizard :  [com.stoneware.service.Ant]: Unable to create object: ...