XCCC: Instant Messaging Server or Router Returns "403 - Forbidden" Error Message to Instant Messaging Client (306776)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q306776

SYMPTOMS

Exchange 2000 Instant Messaging clients that are trying to connect to the Instant Messaging Server through a firewall may receive the following error message on a subscribe request from the client to the server:
HTTP/1.1 Error 403 - Forbidden
In addition, if you perform a Network Monitor (Netmon) trace, the XML data of the server response contains "Error 401 - Access Denied" and also the following error message:
SUBSCRIBE on node http://imserver url failed with error 80400191 while innitiating operation

CAUSE

This issue can occur if the IMRouter Firewall Topology Module (FTM) is configured improperly:
  • The FTM configuration excludes the client IP address from the range of addresses that can connect directly to the server.
  • The IMRouter is configured as a gateway instead of a redirector. In the gateway mode, the IMrouter responds with a 403 event, but the home server responds with 401 because the router is configured for "gateway" behavior instead of redirection. The IMrouter responds with 403 instead of passing on the 401 response from the home server because the IMrouter is not able to authenticate through a gateway.

RESOLUTION

To resolve this issue:
  1. Start Exchange 2000 Exchange System Manager.
  2. Click to expand Global Settings.
  3. Right-click Instant Messaging Settings, and then open the properties.
  4. Click the Firewall Topology tab.
  5. Click Edit under IP address ranges protected by this firewall, and then edit the range of IP addresses to include the appropriate user IP addresses.
  6. If you use a proxy for redirection, click to select the Use a proxy server for outbound requests check box and include the correct proxy server and configuration information for the proxy server.

MORE INFORMATION

An administrator can use the Exchange 2000 Instant Messaging Firewall Topology Module (FTM) subcomponent to determine whether to use a gateway for, refer (redirect), or reject a request that cannot be served locally. This determination is based on network topology. The FTM determines whether a given source IP address can connect to a given destination IP address.

For additional information about the FTM, see the Exchange 2000 Help.
Modification Type:MinorLast Reviewed:4/25/2005
Keywords:kberrmsg kbprb KB306776
©2004 Microsoft Corporation. All rights reserved.