Error Message: HTTP 403.15 - Forbidden: Client Access Licenses exceeded (264908)


The information in this article applies to:

  • Microsoft Internet Information Services 5.0
This article was previously published under Q264908

Notice

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

When you connect to Microsoft Internet Information Services by using a browser, you may receive the following error message:
HTTP 403.15 - Forbidden: Client Access Licenses exceeded
Internet Information Services

The number of authenticated users has exceeded the number of Client Access Licenses (CAL).
The Event Viewer may log the following error messages:
Event ID: 27
Source: W3SVC
Description: The server was unable to acquire a license for a SSL connection.
Event ID: 201
Source: LicenseService
Description: No license was available for user <username> using product IIS 5.0.

CAUSE

This problem is caused by one of two things:
  • The number of authenticated users has exceeded the number of Client Access Licenses (CAL).
  • The number of Secure Socket Layer (SSL) users (anonymous or authenticated) has exceeded the number of CALs installed on the server.
Note If the License Logging Service is stopped, only ten concurrent SSL connections are accepted.

RESOLUTION

There are two counters at work in this scenario:
  • a counter for CALs
  • a counter for SSL connections
By default, the SSL connection limit is set to the number of CALs, which also applies to anonymous SSL connections. Microsoft is aware of this issue and a hotfix is available that will allow an unlimited number of SSL connections regardless of the number of CALs.

Service pack information

To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

Hotfix information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date      Time       Version        Size     File name
   ------------------------------------------------------
   6/1/2000  9:46:36AM  5.0.2195.2096  356,112  W3svc.dll

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 2.

MORE INFORMATION

Note This section describes the behavior of the problem as it exists without the hotfix that is mentioned in the "Resolution" section.

SSL connection counting: Each SSL connection (anonymous or authenticated) decrements the SSL connection counter. This counter is initialized with the total number of CALs that are installed on the system. For example, if you have 10 CALs installed on a Web server, then the server will support up to 10 concurrent SSL connections.

To better understand CALs and SSL connection counting, review the following scenarios:
  • An anonymous user browses a public Web site. No CALs are consumed. Anonymous users do not consume CALs.
  • An anonymous user attempts to access a page that requires a logon. The user is authenticated and granted access to the page. One CAL is consumed. Each uniquely authenticated user consumes one CAL.
  • An anonymous user attempts to access a page that requires a logon. The user is authenticated and granted access to the page. The same user opens a second Web browser and browses to the same page. He or she authenticates with the same username. One CAL is consumed. Each uniquely authenticated user consumes one CAL regardless of the number of connections to the same server.
  • An anonymous user browses to a commerce Web site and shops, adding items to a shopping cart. When this user goes to pay (transition into an SSL session), one SSL connection is consumed for that username. No CALs are consumed. SSL connections do not consume CALs, but the total number of SSL connections is limited to the number of CALs installed on the Web server.
  • A Web server has 20 CALs installed. It can support up to 20 authenticated users in addition to 20 SSL (anonymous and/or authenticated) connections concurrently. If a user is authenticated and using SSL, then a CAL is consumed and the SSL connection counter is decremented by one. Only the act of authenticating requires a CAL. Internet Information Server maintains a separate counter for SSL connections.
  • An anonymous user browses to an intranet Web site. The same user is also authenticated to the same Web server by an external authentication mechanism such as a UNC network share (\\ComputerName\Share). One CAL is consumed. The anonymous account does not consume CALs, but authenticated users do.
  • An anonymous user attempts to access a page requiring a logon. The user is authenticated and is granted access to the page. The user is also authenticated to the same Web server by an external authentication mechanism such as a universal naming convention (UNC) network share (\\ComputerName\Share) to the same server. One CAL is consumed. Each uniquely authenticated user consumes one CAL when connecting to the same Web server regardless of multiple connections.

REFERENCES

For more information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the following article number to view the article in the Microsoft Knowledge Base:

249149 Installing Microsoft Windows 2000 and Windows 2000 hotfixes

Modification Type:MajorLast Reviewed:1/12/2006
Keywords:kbHotfixServer kbQFE kbbug kbfix KB264908
©2004 Microsoft Corporation. All rights reserved.