The host name didn't change.  Both forward and reverse lookups are providing the correct name on both the PCs and the server.  The URL works if you copy it out and drop it in any browser.  The link doesn't work from a redirect from our website however which started immediately after the upgrade.  It opens a new tab, throws the 403 error but then works if you put the cursor in the address bar and hit enter again.

hi Mike,

Have you tried: utils service restart Cisco Tomcat, just to make sure nothing is stuck on tomcat?

If you have cluster then is this the same on both Publisher and Subscriber?

Leszek

I've tried restarting the service multiple times as well as bouncing the servers.  I do have a cluster and I have the same issue on both servers.

Hi Mike,

Thanks for information. Can you try to reproduce the issue, and then collect Audit, Tomcat and Event Viewer application logs. Once those are collected please attach them to your post.

Please specify time and date of the test and IPs of client and Server.

Additionally couple of questions:

- have you tried different browsers?

- do you have any proxy or firewall between PC and CUC?

Leszek

Sorry in advance for the dumbed down response, I am not versed in website administration.  We use a portal solution for our intranet page that allows user info to be passed along when you link to a website/application which broke in version 11.  I am guessing Cisco secured tomcat a little better and because Cisco doesn't apparently allow info to pass to the login page, it throws the 403 error.  I asked Cisco if there was anything we could do to allow the user info to pass to the login page and was told no.

We ended up opening a ticket with the portal vendor and their simple solution was to have us use buttons rather than links because the buttons don't pass user info.  This was our work around.

We have the same problem on Connection 11.5.1.  I have tried it with multiple browsers and the behavior is the same.  Also, the server name did not change.  If I click a SharePoint link, I get the 403 error.  If I paste the link, it works.  Also, on a page where I got the 403 error,  if I click on the address bar, at the end of the address and press enter (not refresh), then it also works.  If I have the url in a Word document and click the hypertext link, then it also works.  This may be related to SharePoint.

We use a portal solution for our intranet page that allows user info to be passed along when you link to a website/application which broke in version 11. I am guessing Cisco secured tomcat a little better and because Cisco doesn't apparently allow info to pass to the login page, it throws the 403 error. I asked Cisco if there was anything we could do to allow the user info to pass to the login page and was told no. We ended up opening a ticket with the portal vendor and their simple solution was to have us use buttons rather than links because the buttons don't pass user info. This was our work around.

Thanks for the response, though not ideal, I'm also looking into this with our cisco team. in my case, the link is literally just a link, sending you to the URL, I might have to try a button though, not sure what difference it would make.

Thanks!

we had this issue with webdialer. we used noreferrer with header. this worked for us!!!!

I will test this and if it works, you'll get the "Correct Answer" award.  Thanks Sascha.

We've just had the same happen after our Unity 11.5.1 upgrade, making some of our knowledge article links to Unity PCA forbidden now. Can you please share the exact characters how to add this element to the end of the URL. For example, what exactly do I add after the "do" in our PCA URL:

 https://[hostname]/ciscopca/home.do

Not an HTML guy by any stretch. Also, I'm reaching out to TAC to see if this is a known defect and/or what the "official" fix is. Thanks.