access denied by acl


The following is the error I am getting when i type the url address of webi and hit enter.

“HTTP 401.3 - Access denied by ACL on resource”


maanan (BOB member since 2003-01-30)

Permisions need fixed on your webi server

Setup the IUSR_account with full control on the program files\business objects directory … and set it up with replace permissions on subdirectories

Chris Pohl :us: (BOB member since 2002-06-18)

This was helpful :+1:

Thanks as usual Chris!

Cindy Clayton :us: (BOB member since 2002-06-11)

I did this but we’re still having two problems. We can reach Webi using localhost rather than the servername and once in, we still get the ACL error when trying to view corporate docs.

After making Chris’s changes, I stopped and started IIS. Any other ideas?

We’re W2K3, 6.5.

Cindy Clayton :us: (BOB member since 2002-06-11)

We also have the same issue. We can log in but if we try to click on any corporate documents, then we get the access denied ACL error.

Any ideas ?

gterrign (BOB member since 2004-08-12)

I was also having the same problem. Following the suggestion I read in some thread here on BOB, I changed the application protection IIS setting of wiasp to “Low (IIS processes)”. That fixed the problem and also a WIJ 20002 error that I was getting. According to tech support, this change is needed in “some environments”, but this is not documented. Tech support says this setting is not related to security, but rather to process and memory management. I’m running Bo 6.5.1 on Windows 2003.

Italo Sessegolo (BOB member since 2002-08-29)

Hi does anyone know where this sits in IIS6? In IIS5 you just right clicked on the virtual directory and chose properties but I don’t see the same option in IIS6

irish_stan :ireland: (BOB member since 2003-05-13)

I think that IIS 6.0 must be running on “IIS 5.0 isolation mode” for those options to be available. Do a google search on it and you will find instruction on how to set that up.

Italo Sessegolo (BOB member since 2002-08-29)

Thank you Italo.

Changing this to IIS5 isolation mode allowed us to set the application to low and it has now solved our 401.3 error.

irish_stan :ireland: (BOB member since 2003-05-13)

Same issue. Access denied by ACL. 401. 3 issue

BO 6.5.1 , IIS 6, win 2003, sql server 2000.

The BO folder and the wiasp (IIS) has the required permissions for the account used when accessed by anonymous.

When tried to login through the supervisor account and accessing the corp documents, we get the 401 error.

~ Should I be change IIS 6 to run on IIS 5.0 isolation mode?

Did anybody else face this problem? - Please share the solution implemented.

Appreciate your comments/answers!!!

Thanks in advance.

User@BO (BOB member since 2012-07-23)

What’s the site set up as far as authentication, windows auth or anonymous? I’ve had issues when I didn’t turn off the NT authentication (we don’t use that on our application).

Also, I swear you need to open up something on C - windows\system32 - inetserv? We needed to open that up for our ASP sites.


bdouglas :switzerland: (BOB member since 2002-08-29)

thanks for the reply -

Its set to Anonymous. Windows authentication is DISABLED.

There is
C:\WINDOWS\system32\inetsrv.mib and
a folder -> C:\WINDOWS\system32\inetsrv

Do you remember what exactly you did here?

User@BO (BOB member since 2012-07-23)

That’s the one - I opened that up to my IUSR_ account, and I believe I opened it up to my BO service owner (read, write, etc).

I also did some digging on my old notes, and I opened these folders, the BO folders, to IWAM and IUSR accounts, the BO service owner account - eg, all 3.

from 2003:


bdouglas :switzerland: (BOB member since 2002-08-29)

thanks . Let me try that and get back to you.

User@BO (BOB member since 2012-07-23)

tried that.

I already had the BO folders open to IWAm, IUSR and the BO account (anonymous account).

I now opened inetsrv folder to BO account. IUSR already had it opened.

But no luck yet!! :frowning:

User@BO (BOB member since 2012-07-23)

Just as a test, maybe add IUSR to your admin group, see if that helps… At least that says it’s IUSR and it’s permissions. If that fails, add IWAM.

I dug again, and I see something about granting rights to IUSR to the DLLHOSTS.exe program - that’s worse trying at this point, too.


bdouglas :switzerland: (BOB member since 2002-08-29)


The issue is now resolved :wave: . I had to set the application security to low.

I really thank every one who has helped me and I believe this is a great BOB forum and again - thanks to everyone for posting your issues on BO and most importantly, the solutions for the same :slight_smile:

User@BO (BOB member since 2012-07-23)