No announcement yet.

Problem with Remote Web Workspace Error 403, 12202

  • Filter
  • Time
  • Show
Clear All
new posts

  • Problem with Remote Web Workspace Error 403, 12202

    We have a problem with Remote Web Workspace, none of our external users can connect from the Internet to the internal network.
    The error code is:
    Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

    We have one dual Xeon Server with:
    Windows Small Business Server 2003 Premium Edition SP1 which act as an DNS, DHCP, SQL and ISA 2004 Server
    The server has 2 ethernetcards onboard, 1 for External communication and 1 for the Internal network:
    External NIC > 3Com firewall Router
    Internal NIC > Network Switch
    IP address External NIC,, Gateway (Router), DNS (Internal NIC)
    IP address Internal NIC,, Gateway None, DNS
    The DNS Server ( has forward rules to the Public DNS Servers of the ISP. DNS is working perfectly for all outbound communications.
    The 3Com Router has the public IP address and ports 80, 443, 3389 and 4125 ‘mapped’ thru the firewall to the external NIC (
    Terminal Services inbound communications works fine, but I’m not sure how to set the NAT, both the Router and ISA 2004 can do this, in our case the Router does the NAT.

    When external users wants to connect from the internet using IE 6 SP2 browser (https://public-ip-address/remote) they first get a certificate security warning because the name on the certificate doesn’t match the name of the certificate authority. Just clicking “Yes” on the dialog pane gets them thru but then they get the above mentioned 403 warning.

    All the settings in de server are on default, we followed all of the installation wizards during setup, no errors occurred, installed all the updates and patches, no errors in the logfiles of the server. The Server just works fine and internally all users can connect to all the published internal webserver services like Companyweb, Remote Web Workspace, OWA etc.. and the Internet with no restrictions. The only glitch is that connecting to these internal webserver services gives them also the same certificate error warning, but by just clicking “yes” they can connect to the webservice they want.

    So I think that it has something to do with ISA Server 2004 SP1 or with the Server Certificate. Microsoft recommended the use of the Internet and E-mail Connection Wizard at the server, so we did, but with no results. We use the FQDN to make a new certificate (in the wizard) like (name-of-the-server.domaine-name.local) but looking at the certificate in IIS and ISA the name is changed in (publishing.domain-name.local) but the server name stays the same in DHCP and DNS etc. I’ve re-runned the wizard and at the certificate question I used the Internal IP Address instead of the FQDN but with no results, the error 403 stays.
    Looking in certificates of one of my friend’s Small Business 2003 Server with no ISA server 2004 I see that the name matches the name of the server and that the services are mentioned in the certificate like Remote Web connections etc.
    In our certificate there is only one a line which says that the server is trusted but that the name is not matching with the certificate. The difference is that the certificate has the name (publishing.domain-name.local) and the CN name in the certificate is (name-of-the-server.domaine-name.local). So I think is has something to do with the certificate or ISA… both are using the same certificate, so this matches and therefore tackles one of the possible problems.

    This problem is beginning to be an annoyance because I’ve read all the newsgroups and forums on the Internet and tried all sorts of solutions but with no result.
    Maybe I’ve overlooked something (probably) in ISA Server 2004 because this is the first time I use ISA…

    I hope that someone of you has a solution, anyway thanks in advance.


  • #2
    Re: Problem with Remote Web Workspace Error 403, 12202

    In the current stastus there may be two firewalls on the network and to save you from re-configure complex settings please follow:

    1. Setup the SBS to use only the internal network adapter and disable the
    second NIC.
    2. Please re-configure the ISA to use only as Proxy server and listen to only
    the interal network adapter for users request.
    3. Configure all the clients/servers to use the 3com modem as default gateway.


    Best Regards,

    Yuval Sinay

    LinkedIn:, Blog:


    • #3
      Re: Problem with Remote Web Workspace Error 403, 12202

      Hello Yuval,

      Thanks for the reply, your solution crossed my mind but bypasses the power of ISA Server 2004.
      Your solution definitive works... but it is not what we want to do because using ISA with one single nic is like arming yourself with a big gun with no ammo, just like the moderator of wrote.

      I've pinpointed the problem to the fact if ISA server will work without registering a public domain because our external clients can connect to the ISA server but cannot reach the published server because the name of this server is not matching the public ip address they have to type in their browsers.
      In other words, to connect they have to type the following: https://public_ip_address/remote an then ISA replies that there is no server at that specific URL and this is correct because ISA only let's them through if the name matches and the name of the published server is: https://publishing.domain_name.local.....

      If you know a solution for that I should be very thrilled because this issue is growing on me...

      With best regards,



      • #4
        Re: Problem with Remote Web Workspace Error 403, 12202

        There two ways to implement the changes: direct ADSL connection and re-configure manual routes and more work.
        I will give you a short explain on the direct ADSL connection that it easy to implement:

        SBS - Int NIC - Connect to switch (there no need to configure default
        Gateway on this NIC) - /24
        Ext NIC - Connect to the ADSL modem -
        Virtual Adapter - ADSL Dialer on the SBS to connect to the ADSL

        Clients - Connect to switch

        By using this method you will drop the second firewall and use the ISA
        as the company firewall.
        I would consider buying antivirus for ISA 2004 and using tips in to setup
        The ISA.
        Best Regards,

        Yuval Sinay

        LinkedIn:, Blog:


        • #5
          Re: Problem with Remote Web Workspace Error 403, 12202

          Hello Yuval,

          The problem is solved, the solution is given me at forum and was quite simple just like most things afterwards....

          It was the SBS Weblistener configuration, I had to put the Public IP in it at some point see this:

          The rule: SBS RWW Web publishing Rule should look like this
          General: enable
          Action: allow
          From: anywhere
          To: publishing.yourdomainhere.local AND forward the original host header AND requests appear to came from the original client
          Traffic: HTTPS
          Listener: SBS Web Listener
          Public Name: YOUR PUBLIC IP ADDRESS
          Paths: <same as internal> /ClientHelp/* AND <same as internal> /Remote/*
          Bridging: Web server AND Redirect to HTTP port 80 AND Redirect to SSL port 443
          Users: All Users AND forward basic authentication credencials
          Schedule: Always
          Link translation: replace

          The rule: SBS RWW Inbound Access Rule
          Should be enable

          This did the trick but thanks for your support. Indead I've read something at the about virtual modems like you described.

          Thanks again



          • #6
            Re: Problem with Remote Web Workspace Error 403, 12202

            We have not yet switched our domain name to point to this SBS2003/ISA2004 server. So, the issue is the same except that we are attemtping to access the server using the Public IP address. I have tried to implement the fix listed in this discussion but "no joy." ...Wits end isn't far away now.