In this post, we will fix the SharePoint Workflow HTTP 403 Forbidden error that you may face when you browse the Workflow Manager Site URL .
After Installing and configuring Workflow Manager for SharePoint 2016, I tried to test the workflow manager web service by browsing the hostname and the provided workflow manager port as shown below:
The Workflow Management site is opened in Internet explorer as shown HTTP 403 Forbidden error as shown below:
The Workflow Manager website declined to show this web page, this web site requires you to login in.
The “SharePoint Workflow HTTP 403 Forbidden error” usually occurs in case of the following:
- The current user is not a member of the Workflow Admin Group.
- The workflow manager services are not running.
- The
loopback check enabled. - The Workflow Manager is not registered correctly.
The current user is not a member in the Workflow Admin Group
When you configure SharePoint Workflow Manager, It ask you to provide the Workflow Admin Group as shown below:
If the current user that you are using to browse the workflow manager web service is not a member of this admin group, you will get SharePoint Workflow HTTP 403 forbidden error.
If you do not remember which Admin group you have added, you can run the below commands to get the Workflow Admin Group Info.
Get Workflow Manager Admin Group using PowerShell
- Log in to the SharePoint server that you have installed the workflow manager using Farm Account.
- Open the Workflow Manager PowerShell as administrator.
- Run the below cmdlets to get the Workflow Admin Group using PowerShell.
$wffarm = get-wffarm
$wffarm.AdminGroup
It’s NOT recommended to use the “BUILTIN\Administrators” group as Workflow Manager Admin Group.
- Check the members of workflow manager admin group, and make sure that the current login user who
browse s the Workflow manager site is already added to this group. - Open Internet Explorer browser as Administrator.
- Browse the Workflow manager site, the SharePoint Workflow HTTP 403 Forbidden error should be gone now!
Check Workflow Manager Services Status
If the current login user is already a member in the workflow manager admin group and you still can’t browse the workflow management site. in this case, you should make sure that the Workflow Manager Service is up and running by doing the following:
Steps
- Open the Workflow Manager PowerShell.
- Get the Workflow Manager Farm Status.
Get-WFFarmStatus
- Again, open the Windows Services, and make sure that the below services are up and running.
It’s strongly recommended to follow the Workflow Manager Health Checklist to make sure that the workflow manager is configured properly.
Disable LoopBack Check
If you are trying to browse the Workflow Manager Site inside the server. so, you should make sure that the loopback check is disabled as mentioned at step 4 in Configure Alternate Access Mapping In SharePoint Server.
If you already a member of the Workflow Manager Admin Group and the Workflow Manager Services are up and running and you still getting “SharePoint Workflow HTTP 403 forbidden error.” so that means, it is not a permission issue and looks like it’s related to the SharePoint workflow manager service registration.
But you should be aware of It’s not allowed to register the SharePoint workflow manager service on the same web application more than one time. therefore, to ReRegister SharePoint Workflow Manager Service again, you should do the following:
Steps
- Open Central Administration.
- Below “Application Management“, click on “Manage Service Applications“.
- Select the “Workflow Service Application Proxy“.
- From the above ribbon, Click on “Delete“.
- Run SharePoint Management Shell as Administrator.
- Register the SharePoint Workflow Manager service.
Register-SPWorkflowService -SPSite 'http://sitecollectionurl' -WorkflowHostUri 'http://site:12291' -AllowOAuthHttp -force
SPSite: Specifies a site collection to configure.
It seems that each site collection needs to be registered with workflow service. therefore, it’s not 100% correct, once you have registered a workflow service to any SharePoint site collection within the farm, it will be enabled for all SharePoint webapplications/site collections. I am pretty sure about this behavior and that what I got on my farm.
WorkflowHostUri: Specifies a string of the full URI for the Workflow Service.
The provided ports must be the same provided ports in the Configure Ports step as above mentioned.
by default, it’s 12291 for HTTP and 12290 for HTTPS.
- Run the IE browser as an Administrator.
- Browse the Workflow Manager Site, the “SharePoint Workflow HTTP 403 forbidden” error should be solved now!
It would be also great to perform health checklist for the current SharePoint Workflow Manager Configuration to make sure that the Workflow Manager has been configured correctly as mentioned at SharePoint Workflow Manager Health Checklist
Conclusion
In conclusion, we have tried to investigate and solve the SharePoint Workflow HTTP 403 forbidden error that you may face when you browse the workflow management site in SharePoint 2019 and SharePoint 2016.
Applied To
- SharePoint 2019.
- SharePoint 2016.
- SharePoint 2013.
- Workflow Manager.
You might also like to read
- The Caller doesn’t have the necessary permissions required for this operation.
- Configure Workflow Manager for SharePoint 2013.
- Failed to query the OAuth S2S metadata endpoint at URI.
- Failed to register because the farm is already registered with a workflow service.
- Workflow Manager Health Checklist for SharePoint 2019.
Have a Question?
If you have any related questions, please don’t hesitate to ask it at deBUG.to Community.
Pingback: Workflow Manager: Port is blocked | SPGeeks
Pingback: Register-SPWorkflowService: Timeout Issue | SPGeeks
I think this is among the most important information for me. And i’m glad reading your article. But should remark on few general things, The website style is great, the articles is really great : D. Good job, cheers