• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

403 Error on ISAPI_redirect.dll IIS IsapiModule

Guest
Jan 20, 2014 Jan 20, 2014

Copy link to clipboard

Copied

We recently installed and configured a CF10 server on a 08 r2 box. After following the Adobe recommended setup (custom accounts for each of the services - iis, cf) in the lockdown guide and a reboot, cfm pages are no longer properly handled (redirected).

The web server trace identifies this as the root problem:

144. CALL_ISAPI_EXTENSION

DllName[home_dir]\config\wsconfig\1\isapi_redirect.dll

Warning

145. -MODULE_SET_RESPONSE_ERROR_STATUS 

ModuleNameIsapiModule
Notification128
HttpStatus403
HttpReasonForbidden
HttpSubStatus0
ErrorCode0
ConfigExceptionInfo
NotificationEXECUTE_REQUEST_HANDLER
ErrorCodeThe operation completed successfully. (0x0)

User from tokenNT AUTHORITY\IUSR

We've already made sure that exe rights are provided for the IUSR (as well as cf and iis) to both that .dll as well as the entire folder.

We have also tried changing the handler mapping (invoke only if req is mapped to file/folder) as well as it's access config (none, script, exec).

The only time we get a different error mesage is when we disable the *.cfm mapping - which rightly so yields a 500 or a 404 error message.

By not processing .cfm page correctly the cf admin is not accessible either.

Any ideas on this would be appreciated.

p.s. there is no subcode (substatus) to the 403.

Views

2.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Jan 21, 2014 Jan 21, 2014

Copy link to clipboard

Copied

Check the Identity on the ApplicationPool for the site.  Make sure that you have granted the required privileges to the ApplicationPoolIdentity user.  IIRC, that can be tricky, so this article may help: http://www.iis.net/learn/manage/configuring-security/application-pool-identities.

-Carl V.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 21, 2014 Jan 21, 2014

Copy link to clipboard

Copied

LATEST

The AppPool was running under the same coldfusion-service user that we created which does have execution privileges over that dll.

However we tried switching the user for that app pool to LocalSystem (just in case) and still no chage.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation