04-06-2016 02:44 PM - edited 03-14-2019 03:56 PM
Hi,
I am getting 403 forbitten error
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
When I check the logs I see
5323: PM-PN-CC01: Apr 06 2016 10:42:18.256 -05:00: %.ctor-INFO-[5581059] ***** NEW REQUEST RECEIVED ***** Request URI: https://localhost:7890/icm-dp/rest/DiagnosticPortal/GetMenu
5324: PM-PN-CC01: Apr 06 2016 10:42:18.257 -05:00: %IsUserAuthorized-WARN-[5581059] Local user 'xxxx\xxxx' authorization failed
5325: PM-PN-CC01: Apr 06 2016 10:42:18.496 -05:00: %.ctor-INFO-[8056294] ***** NEW REQUEST RECEIVED ***** Request URI: https://localhost:7890/icm-dp/rest/DiagnosticPortal/ListProcesses?Random=1459957338507
Just dont know which all access right would be needed as I can use same user account and access the other servers diagnostic portico
Kindly let me know
Regards,
DJ
04-07-2016 02:56 AM
What type of user are you using to login to portico, looking at the logs looks like its local user.
and by default local users are not authorised to use portico unless you add them to the security group on local machine called ICMDiagnosticframeworkusers.
there might be chances that on other servers the local users are added to the above group but not on this server.
05-17-2017 12:20 PM
Adding a user to this group doesn't make a difference. I'm guessing there is some parent object that controls this but I don't know which one.
05-18-2017 07:43 AM
Have you tried login in using a domain user? not the local user on the machine itself. You can use one of the domain admin accounts used to configure icm components
05-20-2017 04:44 PM
Exactly. A domain user in the Local Admin group on the box can always run the Portico. I am unsure if there are any other ways: (a) if the domain user is a member of Config under the Cisco_ICM OU, is that sufficient to run the Portico? (b) if the domain user is a member of Setup under the Cisco_ICM OU (and not a Local Admin), is that sufficient to run the Portico? I doubt that either of these are sufficient.
I have never really investigated and rely on being a Local Admin.
The Portico is a nice remote tool to use to look across your ICM boxes to tell you if something is wrong - and you probably then need to go in and fix it, so you would need to have Local Admin to do that (restart a service etc).
Regards,
Geoff
05-18-2017 09:31 AM
The local user having member of the ICMDiagnosticframeworkusers works just fine for me.
But i am running PCCE 9.0 in my lab and security may have enhanced in future versions.
You can check log for more detail.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide