Friday, March 11, 2011

DPM causes IIS read access forbidden (403 2)

I have just spent several hours trying to figure out why Microsoft (MS) Security Center Essentials 2007 (SCE) isn’t able to serve MS Updates to its clients anymore. This looks like it was working 6 months ago, but not any more.

I tracked it to IIS problems – pretty much every request from another machine was getting sent back with error 403 sub-error 2 read access forbidden despite the fact that everything looked fine in IIS Manager.

It looks like MS Data Protection Manager (DPM) locks down IIS pretty tightly and, sure enough, the box has DPM 2007 installed on it too.

More info: