My test server is Windows 2003, IIS 6 and CF9.0.2 with SQL Server 2008.
About 3 months ago, I got some pushback from security about the ownership of the directory I had installed CF on. So I had to change the ownership of the drive. Not a big deal.
About 4 weeks ago, I started receiving a "Error while executing task 403 Forbidden" in the scheduler.log file every time I ran a job via the scheduler. So, I figured it had something to do with my recent change in ownership. I uninstalled and re-installed CF9. Still getting the same problem. Not a big deal I figure just a test server and I an due to upgrade in March, production is on Windows 2008, will upgrade to Windows 2012, CF11, etc. . . . . .
Come today and I have a production problem and I need to run a test file via scheduler. I forgot that the scheduler is throwing "Error while executing task 403 Forbidden" when any job is running. I go out to search the Windows logs, and low and behold, security had expired the passwords on the IUSER_machinename and IWAM_machinename accounts! So, I have gone ahead and changed the passwords on these accounts, but still am receiving the "Error while executing task 403 Forbidden" error. Any suggestions? Permissions had not changed after I re-installed CF.
Also, a common problem with Scheduled Tasks is that they don't run through the normal browser/server interaction. When you visit a page via a browser, there are some authentication/authorization things happening automatically. With a scheduled task, there is only a CFHTTP request to the page, and the authentication/authorization step isn't done the same way - that's why there is a set of fields in the scheduled task setup to enter a username and password. Unfortunately, in a Windows domain environment, this doesn't usually work.
Search these forums for issues with scheduled tasks and you'll see numerous different possible solutions to this issue. The only one I've found that works reliably is to create a separate IIS website just for the scheduled tasks, and use anonymous authentication. Only allow access from localhost or 127.0.0.1 to that site, and you should be fairly secure.
After reading both of your responses, I went back to look at my IIS setup for my path for the scheduled job.
Yes, I had the a separate IIS website just for the scheduled tasks - and I reentered the new password for IUSR_machinename account. I then looked at the SSL certificate (edit under secure communications) and it must have reset the check box on the 'require secure channel (SSL)'. Unchecked the box, apply, and tested. Job ran to success.
Thank you both, Carl and BKBK for you assistance.
Thank you too for sharing that with us.