Getting 403 errors what is wrong?

Getting 403 errors what is wrong?

Users are seeing a Jetty 403 forbidden error from webNetwork, when launching a webApp.

Things to check:
  1. The DNS Name field on the relay object is blank.
  2. The External port set in the webApp is not already used on the relay.  Usually only applies to Dedicated Port webApps.
  3. The Virtual DNS name is not already used by another map/webApp/virtual host (requires restarting webNetwork after making Virtual DNS name unique).
  4. Had various webApps at one time using same virtual DNS name, that have since been removed.  Server is now confused and requires a restart to clear out all the previous old webApp configurations from memory.  Related to #3.
  5. The link was created using the Access Control option of webApp.
    (if you have a custom link, you still need a web application link to give user rights)
  6. User has been assigned the webApp's link.
  7. WebApp is assigned to the relay(s).
  8. Relay can communicate to the webApp's host address on the port specified.
  9. Created a custom web page to launch webApp, but user is not assigned the webApp generated link.
  10. If you have multiple relay servers, check if it is just one relay server that has error.
  11. webApp's Virtual DNS name is not in same domain as the relay's DNS name.
  12. If using clustering, check cluster is up for all nodes.  Also check there are no cluster communication issues between the loaders.
  13. If launching webApp from custom link, be sure case is correct.  Our web server uses case sensitive URLs.
  14. Check that the Virtual DNS name for the webApp is resolvable by the relay and the client machine.
  15. Check to make sure you do not have any leading or trailing spaces on the DNS name in host or webApp objects.
  16. Make sure that if you are using SecureByIP option on webApp, that you are using a valid login policy to login with.
  17. Make sure you are accessing the portal using a DNS name and NOT an IP number.
  18. Remove any underscores from the Virtual DNS name. Underscores are not good to use because not all browsers and systems handle them the same way.
  19. Check other browsers, if it is just IE, check the Trusted internet zones / Trusted intranet zone and Trusted sites. You should have *.domain in the Intranet zone. This can cause the cstonesessionid cookie to not be sent and thus a 403 error because you are not authenticated.
  20. Turn on Anonymous access for the webApp temporarily. If it works then the stoneware cookie is not being sent.
  21. If using a load balancer, and your loaders are not clustered, make sure the load balancer is sending all communication back to the same relay.
  22. The "Rights URL" field, on the link, contains a valid URL.

Keywords: webapp 403 external dns

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...

      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...

      • Related Articles

      • Client side SSO errors

        The customer is getting the following errors when trying to use the client side SSO features in webNetwork for RDP / Citrix.  The first error:  The relay path of 192.168.9.29/axis/services/WebNetworkPortalService is not a valid format.  The second ...

      • DNS Errors

        Customer is having issues talking to active directory and ran a dns test with the results INFO: exploring forest using domain controller: server1.company.com  >>>>>: (DNS) - testing domain: COMPANY  INFO: according to DNS, the following services are ...

      • Errors connecting to RDP device.

        This means that the user's machine is unable to connect to the backend server.  This can happen for a variety of reasons  Some things to check:  1) Make sure your workstation is fully patched. Example: SP3 for Windows XP  a) The updated RDP 6 from ...

      • MS AD LDAP bind errors.

        LDAP error code 49 is the generic code for authentication error.  https://helpdesk.lenovosoftware.com/portal/kb/articles/ldap-error-codes-22-8-2017 has the list of java ldap top level error codes.  To fully understand the error you need the rest of ...

      • Errors connecting to Apple CIFS Share

        In order to connect to OES2 and Netware CIFS shares, some additional parameters need to be added to the webNetwork.lax file.  These parameters are incompatible with Apple CIFS shares. Below are some errors that can be encountered if the OES2/Netware ...