SharePoint Workflow HTTP 403 Forbidden

SharePoint Workflow HTTP 403 Forbidden error

In this post, we will fix the SharePoint Workflow HTTP 403 Forbidden error that you may face when you browse the Workflow Manager Site URL .

SharePoint Workflow HTTP 403 Forbidden

SharePoint HTTP 403 Forbidden error


After Installing and configuring Workflow Manager for SharePoint 2016, I tried to test the workflow manager web service by browsing the hostname and the provided workflow manager port as shown below:

Test Workflow Manager Web Service

The Workflow Management site is opened in Internet explorer as shown HTTP 403 Forbidden error as shown below:

The Workflow Manager website declined to show this web page, this web site requires you to login in.

website declined to show this web page this web site requires you to login in

Cause of SharePoint Workflow HTTP 403 Forbidden error

The “SharePoint Workflow HTTP 403 Forbidden error” usually occurs in case of the following:

  1. The current user is not a member of the Workflow Admin Group.
  2. The workflow manager services are not running.
  3. The loopback check enabled.
  4. The Workflow Manager is not registered correctly.

Fixing SharePoint Workflow HTTP 403 Forbidden error

The current user is not a member in the Workflow Admin Group

When you configure SharePoint Workflow Manager, It ask you to provide the Workflow Admin Group as shown below:

Workflow Manager Admin Group

If the current user that you are using to browse the workflow manager web service is not a member of this admin group, you will get SharePoint Workflow HTTP 403 forbidden error.

If you do not remember which Admin group you have added, you can run the below commands to get the Workflow Admin Group Info.

Get Workflow Manager Admin Group using PowerShell
  • Log in to the SharePoint server that you have installed the workflow manager using Farm Account.
  • Open the Workflow Manager PowerShell as administrator.
Run Workflow Manager PowerShell
  • Run the below cmdlets to get the Workflow Admin Group using PowerShell.
$wffarm = get-wffarm
$wffarm.AdminGroup
Get Workflow Admin Group using PowerShell

It’s NOT recommended to use the “BUILTIN\Administrators” group as Workflow Manager Admin Group.

  • Check the members of workflow manager admin group, and make sure that the current login user who browses the Workflow manager site is already added to this group.
  • Open Internet Explorer browser as Administrator.
  • Browse the Workflow manager site, the SharePoint Workflow HTTP 403 Forbidden error should be gone now!

403 forbidden workflow manager

Check Workflow Manager Services Status

If the current login user is already a member in the workflow manager admin group and you still can’t browse the workflow management site. in this case, you should make sure that the Workflow Manager Service is up and running by doing the following:

Steps
  • Open the Workflow Manager PowerShell.
Run Workflow Manager PowerShell
  • Get the Workflow Manager Farm Status.
Get-WFFarmStatus
Get the Workflow Manager Farm Status using PowerShell
  • Again, open the Windows Services, and make sure that the below services are up and running.
Service Bus Message Broker

It’s strongly recommended to follow the Workflow Manager Health Checklist to make sure that the workflow manager is configured properly.


Disable LoopBack Check

If you are trying to browse the Workflow Manager Site inside the server. so, you should make sure that the loopback check is disabled as mentioned at step 4 in Configure Alternate Access Mapping In SharePoint Server.

Disable loop Back Check - Workflow Manager

Register SharePoint Workflow Manager Service Correctly

If you already a member of the Workflow Manager Admin Group and the Workflow Manager Services are up and running and you still getting “SharePoint Workflow HTTP 403 forbidden error.” so that means, it is not a permission issue and looks like it’s related to the SharePoint workflow manager service registration.

But you should be aware of It’s not allowed to register the SharePoint workflow manager service on the same web application more than one time. therefore, to ReRegister SharePoint Workflow Manager Service again, you should do the following:

Steps
  • Open Central Administration.
  • Below “Application Management“, click on “Manage Service Applications“.
  • Select the “Workflow Service Application Proxy“.
  • From the above ribbon, Click on “Delete“.
Delete Workflow Manager Service Application Proxy
  • Run SharePoint Management Shell as Administrator.
  • Register the SharePoint Workflow Manager service.
Register-SPWorkflowService -SPSite 'http://sitecollectionurl' -WorkflowHostUri 'http://site:12291' -AllowOAuthHttp -force
SharePoint Workflow HTTP 403 Forbidden

SPSite: Specifies a site collection to configure.
It seems that each site collection needs to be registered with workflow service. therefore, it’s not 100% correct, once you have registered a workflow service to any SharePoint site collection within the farm, it will be enabled for all SharePoint web applications/site collections. I am pretty sure about this behavior and that what I got on my farm.


WorkflowHostUri: Specifies a string of the full URI for the Workflow Service.
The provided ports must be the same provided ports in the Configure Ports step as above mentioned.
by default, it’s 12291 for HTTP and 12290 for HTTPS.

  • Run the IE browser as an Administrator.
  • Browse the Workflow Manager Site, the “SharePoint Workflow HTTP 403 forbidden” error should be solved now!
403 forbidden workflow manager

It would be also great to perform health checklist for the current SharePoint Workflow Manager Configuration to make sure that the Workflow Manager has been configured correctly as mentioned at SharePoint Workflow Manager Health Checklist 


Conclusion

In conclusion, we have tried to investigate and solve the SharePoint Workflow HTTP 403 forbidden error that you may face when you browse the workflow management site in SharePoint 2019 and SharePoint 2016.

Applied To
  • SharePoint 2019.
  • SharePoint 2016.
  • SharePoint 2013.
  • Workflow Manager.
You might also like to read
Have a Question?

If you have any related questions, please don’t hesitate to ask it at deBUG.to Community.

3 thoughts on “SharePoint Workflow HTTP 403 Forbidden”

  1. Pingback: Workflow Manager: Port is blocked | SPGeeks

  2. Pingback: Register-SPWorkflowService: Timeout Issue | SPGeeks

  3. I think this is among the most important information for me. And i’m glad reading your article. But should remark on few general things, The website style is great, the articles is really great : D. Good job, cheers

Leave a Reply