HTTP Status 403 – Forbidden after ColdFusion upgrade on IIS

NOTE: this post is relevant for the IIS based servers. For Apache based servers, see https://handyman.dulare.com/http-status-403-forbidden-after-coldfusion-upgrade-on-apache/

This issue occurs mostly in ColdFusion 2016 and ColdFusion 2018 but can also be seen in older versions. Here is the story: you are performing an update, the update package is installed and the server restarted. ColdFusion administrator is working fine. The problem is that on the website you see:

HTTP Status 403 – Forbidden. And – suprisingly – it comes from Apache Tomcat. Why, if I’m using IIS on my Windows-based server?

The thing is that the connection between IIS and Apache Tomcat which is handling ColdFusion requests is no longer working fine. You can also find a name “connector” – the connector between IIS and ColdFusion.

The solution

In most cases, the simplest thing to do is to rebuild the connector between IIS and ColdFusion. In order to do this, execute wsconfig as an administrator. It can be found in this directory:

[ColdFusion_installation_directory]/cfusion/runtime/bin/

Once opened, the wsconfig will show the list of currently configured websites. In my example I have one connector for all websites I host on this server:

You should remove each website to leave the list empty. Once all of the are removed, you can create new connectors by using “Add” button.

In most cases the default values in this window are good. If you want to configure your websites individually, you can select the website you want to configure in IIS Web Site dropdown.

Once you have your connectors recreated, the 403 – Forbidden error should dissapear. The web server is restared during the connector creation (with an exception if you ask not to do so), so there is no need to do this manually.