5 Replies Latest reply on Jul 31, 2015 2:31 PM by TSGal

    Two Machine Config throws "Forbidden You do not have authorization to access this server." when...

    JacksonVeigel

      Summary

      Two Machine Config throws "Forbidden You do not have authorization to access this server." when trying to access IWP page

      Product

      FileMaker Server

      Version

      11v5

      Operating system version

      Windows Server 2008 R2 Datacenter SP1

      Description of the issue

      When browsing to the IWP URL of the web server (eg. http://10.10.0.1/fmi/iwp/) in either a two machine or two machine alternative configuration the browser reports a message "Forbidden You do not have authorization to access this server." The forbidden page is being generated by FileMaker Server after looking at the source HTML. Both machines in the configuration work successfully in single machine config.

      My guess is that it has something to do with the OS configuration or 3rd party software installed by the vendor who created the server but I can't nail it down.

      The only 3rd party software is:
      Google Chrome
      AWS Tools for Windows
      Citrix Tools for Virtual Machines
      EC2Config Service
      UniversalForwarder by Splunk Inc. (Checked the ports on this one, and they don't overlap.)

      The servers are hosted at AWS and we have confirmed both machines software firewalls are off and the following TCP ports are open (bi-directionally) between the servers which are on different routers::

      80
      443
      5003
      16000
      16001
      16016
      16018
      16020
      16021

      -Checked a netstat -an too and the proper ports are listening/established.

      -Also, the WAS service reports a warning and error in the windows system log that could be related:

      Log Name:      System
      Source:        Microsoft-Windows-WAS
      Event ID:      5189
      Level:         Error
      Description:
      The Windows Process Activation Service failed to generate an application pool config file for application pool 'DefaultAppPool'. The error type is '7'. To resolve this issue, please ensure that the applicationhost.config file is correct and recommit the last configuration changes made. The data field contains the error number.

      Log Name:      System
      Source:        Microsoft-Windows-WAS
      Event ID:      5009
      Task Category: None
      Level:         Warning
      Description:
      A process serving application pool 'DefaultAppPool' terminated unexpectedly. The process id was '564'. The process exit code was '0xff'.

      Steps to reproduce the problem

      Go to IWP url

      Expected result

      See web start page with database listing

      Actual result

      Unable to browse to site, get 403 error.

      Exact text of any error message(s) that appear

      "Forbidden You do not have authorization to access this server."

      Configuration information

      Amazon Web Services server.
      Windows 2008 R2 Datacenter SP1.
      IIS 7
      php 5.217
      java 6 update 37
      bonjour 2.0.0.34
      visual C++ ver 9.0.30729

      FMS Two machine alternative and two machine regular both with SSL and without.

      Workaround

      Single machine config

      Screenshot_2015-07-21_14.43.54.png

        • 1. Re: Two Machine Config throws "Forbidden You do not have authorization to access this server." when...
          TSGal

          'Jackson Veigel:

          Thank you for your post.

          10.10.0.1 is a private IP address.  What is the public IP Address?  From the server, go to whatismyip.com.

          What occurs if you have all firewalls turned off (on both machines) and using the public IP Address?

          Are you able to access the Admin Console from the server?  If you have IP Address filtering for Admin Console access, and you try to visit the Admin Console from an IP Address that isn't allowed, you can get a 403 error (permission denied).

          Any other information you can provide may help narrow down the possible causes.

          TSGal
          FileMaker, Inc.

          • 2. Re: Two Machine Config throws "Forbidden You do not have authorization to access this server." when...
            JacksonVeigel

            Sorry for the miscommunication, but both servers are on a local network, this data is not going over the internet. They are just on different subnets/routers within AWS local network.

            • 3. Re: Two Machine Config throws "Forbidden You do not have authorization to access this server." when...
              TSGal

              Jackson Veigel:

              If the machines are truly on the same network and only on different subnets, then no port forwarding should be required.  However, a 403 message means there is a firewall somewhere.  Possibly a physical firewall on the network.  Check with the server administrator.

              On a side note, I see you are using FileMaker Server 11.0v5, which was never tested nor supported with Windows Server 2008 R2 Datacenter SP1.  Have you tried the same setup with FileMaker Server 14?

              TSGal
              FileMaker, Inc.

              • 4. Re: Two Machine Config throws "Forbidden You do not have authorization to access this server." when...
                JacksonVeigel

                Thanks for your help, but still having the issue. I did see that Datacenter was not supported and we're pushing the client to switch to Windows Server Standard.

                We tried the setup with FileMaker 14 and got the error in the screen shot below. I manually installed URL Rewrite 2.0 and ARR 3.0 and still got the same error.

                • 5. Re: Two Machine Config throws "Forbidden You do not have authorization to access this server." when...
                  TSGal

                  Jackson Veigel:

                  Testing has informed me that if FileMaker Server is not recognizing the installation, open a command prompt and navigate to the folder:

                  C:\FileMaker Server 14\Files\ISSetupPrerequisites\{80C791A4-2842-416B-A193-81AD50C8BBAE}>

                  Issue the following commands and answer Y or yes

                  WebpiCmd.exe /Install /Products:ARR

                  Note: there is an option of /AcceptEula for the above command to
                  - Suppress Accept / Declient prompt for EULA.
                    Using this switch is the same as accepting all

                  Example after the above is completed

                  You are responsible for and must locate and read the license terms for each of the software above.  Do you agree to the license terms for each of the third-party and/or Microsoft software listed above?

                  Please enter (Y/N): y

                  Starting Installation

                  Started downloading products...

                  Started downloading: 'Web Farm Framework 1.1'

                  Downloaded: 'Web Farm Framework 1.1'

                  Started downloading: 'External Cache 1.0'

                  Started installing Products...

                  Started installing: 'Web Farm Framework 1.1'

                  Downloaded: 'External Cache 1.0'

                  Started downloading: 'Hotfix for External Cache 1.0'

                  Downloaded: 'Hotfix for External Cache 1.0'

                  Started downloading: 'URL Rewrite 2.0'

                  Downloaded: 'URL Rewrite 2.0'

                  Started downloading: 'Application Request Routing 2.5'

                  Downloaded: 'Application Request Routing 2.5'

                  Started downloading: 'KB2589179 for Application Request Routing 2.5'

                  Downloaded: 'KB2589179 for Application Request Routing 2.5'

                  Started downloading: 'Application Request Routing 2.5 with KB2589179'

                  Downloaded: 'Application Request Routing 2.5 with KB2589179'

                  Install completed (Success): 'Web Farm Framework 1.1'

                  Web Farm Framework 1.1 : Installed

                  Started installing: 'External Cache 1.0'

                  Install completed (Success): 'External Cache 1.0'

                  External Cache 1.0 : Installed

                  Started installing: 'Hotfix for External Cache 1.0'

                  Install completed (Success): 'Hotfix for External Cache 1.0'

                  Hotfix for External Cache 1.0 : Installed

                  Started installing: 'URL Rewrite 2.0'

                  Install completed (Success): 'URL Rewrite 2.0'

                  URL Rewrite 2.0 : Installed

                  Started installing: 'Application Request Routing 2.5'

                  Install completed (Success): 'Application Request Routing 2.5'

                  Application Request Routing 2.5 : Installed

                  Started installing: 'KB2589179 for Application Request Routing 2.5'

                  Install completed (Success): 'KB2589179 for Application Request Routing 2.5'

                  KB2589179 for Application Request Routing 2.5 : Installed

                  Started installing: 'Application Request Routing 2.5 with KB2589179'

                  Install completed (Success): 'Application Request Routing 2.5 with KB2589179'

                  Application Request Routing 2.5 with KB2589179 : Installed

                   

                  Verifying successful installation...

                  Web Farm Framework 1.1                             True

                  External Cache 1.0                                 True

                  Hotfix for External Cache 1.0                      True

                  URL Rewrite 2.0                                    True

                  Application Request Routing 2.5                    True

                  KB2589179 for Application Request Routing 2.5      True

                  Application Request Routing 2.5 with KB2589179     True

                  Install of Products: SUCCESS

                  -----

                  The above information appears to be for ARR 2.5, which can be obtained at:

                  https://www.microsoft.com/en-us/download/details.aspx?id=13345

                  If this doesn't work, the recommendation is to totally uninstall FileMaker Server and perform a new installation, as this should install ARR correctly.

                  TSGal
                  FileMaker, Inc.