000022261 - RSA Authentication Agent 5.3 for Web gives error 403 when users connect through Microsoft ISA 2004 Firewall

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022261
Applies ToRSA Authentication Agent 5.3 for Web for Microsoft IIS
Microsoft Windows Server 2003
Microsoft Internet Security and Acceleration (ISA) Server 2004 Firewall
IssueRSA Authentication Agent 5.3 for Web gives error 403 when users connect through Microsoft ISA 2004 Firewall
Error: "403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)"
No problem occurs when RSA Authentication Agent 5.3 for Web is disabled
CauseThe problem is caused because the default configuration which has been configured has not allowed the pages presenting the SecurID authentication to the user to go through the firewall
Resolution

By examining the firewall rules that were configured, you can amend the specific rule created for the OWA traffic. Having identified the specific rule, display the properties. Click the Paths tab, click Add... and add/WebID/* , then and clickOK. The display should now look like the following:

 

The rule should now be saved, and the ruleset reapplied to the firewall. Contact Microsoft Customer Support for full advice on how to correctly configure the Microsoft ISA 2004 firewall.

NOTE: See Configuring_ISA2004_for_SecurID.zip for a thorough example of configuring ISA protecting OWA.

WorkaroundSecurID authentication is activated to protect an Outlook Web Access (OWA) system which has been published through Microsoft ISA 2004 Firewall
Legacy Article IDa27714

Attachments

    Outcomes