I'm being plagued by odd problems with BM after upgrading from 3.7 to 3.8SP3
with Surfcontrol. We're on NW6.5 SP3 with postSP3 patches (server.exe, cifs,
nss and tcp659j). Server is Proliant 1850R with 1gb ram, holds a replica of
the server's container but not the main container where the users and groups
live. There are about 25 rules, and "Authenticate only when user attempts to
access a restricted page" is enabled. Clntrust is v1.3.

Just spent all morning troubleshooting a user who gets a 403 forbidden on a
UK government site which, as far as I can see, everyone else in the building
can access. This has been ongoing for at least 2 days. I've remotely
controlled his pc and repeatedly tried to access the site, but I'm unable to
trace which rule is denying him as nothing ever shows up in the access
control log. In the common logs on the sys:\volume all I get is entries
which show: - USER.OURCOM.TREE[28/Sep/2005:10:32:39 +0100] "GET
http://www.hmrc.gov.uk/ebu/bvraccountingfortax.pdf HTTP/1.0" 403 1727 - USER.OURCOM.TREE[28/Sep/2005:10:33:02 +0100] "GET
http://www.hmrc.gov.uk/ebu/msgaccountingfortax.pdf HTTP/1.0" 403 1727 - USER.OURCOM.TREE[28/Sep/2005:10:33:07 +0100] "GET
http://www.hmrc.gov.uk/pensionscheme...ng-for-tax.pdf HTTP/1.0" 403
1727 - USER.OURCOM.TREE[28/Sep/2005:10:36:52 +0100] "GET
http://www.hmrc.gov.uk/ebu/bvraccountingfortax.pdf HTTP/1.0" 403 1727 - USER.OURCOM.TREE[28/Sep/2005:10:37:03 +0100] "GET
http://www.hmrc.gov.uk/ebu HTTP/1.0" 403 1727 - USER.OURCOM.TREE[28/Sep/2005:10:37:12 +0100] "GET
http://www.hmrc.gov.uk/ HTTP/1.0" 403 1727 - USER.OURCOM.TREE[28/Sep/2005:10:40:04 +0100] "GET
http://www.hmrc.gov.uk/ HTTP/1.0" 403 1727

....but there is never anything listed in the access control log at the same
time to give an indication of which rule it is falling foul of.
What is the significance of the "403 1727" at the end of each line?
I have a several other users with similar problems accessing sites that
should be unrestricted.


Steve Law