Wednesday, February 19, 2014

Workflow Manager 1.0 for Sharepoint 2013 - forbidden error (error 403)

This Workflow forbidden error (error 403) came up from no where. I had this SharePoint farm configured with the workflow farm which was running fine for about 2 months, but from no where the error popped up.

This may occur when you try to activate the workflow feature which you deployed through Visual Studio 2012 or when you try to start a designer WF you may get "Something went wrong". You check the log then it says "Workflow Manager forbidden error :403"

Below are the few steps you can follow to solve this error

1) Go to central Admin click on "Workflow Service Application" and check in properties you find on ribbon if you have assigned the Administrator .If not provide the service account as Administrator

2)It is always good to have the Administrator  assigned to "User Profile Service Application "
in the same way

3)Try opening the url in IE http://localhost:12291 for http based web service where the Workflow Manager is installed
               It might give you the forbidden error again
4)Open the IE as Admin and try opening the same url http://localhost:12291 if u dont get the XML schema then there is problem with the credentials the services are running
      You don't get the run as Admin option for IE if your server OS is windows server 2012
to open IE with run as Admin privileges you need to navigate to folder where the IE is installed
C:\Program Files\Internet Explorer then open iexplorer.exe  as Admin

5)Go to the data base and check for service bus databases , if the service account with which the services are running has the required privileges
6) Open event viewer and check for the error and I found that the service bus message broker service was not in running state from this.

7)Last but not least this the reason where you may get forbidden error for workflow service most of the time

  • Go to services and check if the below service are running

  1. Service Bus Gateway
  2. Service Bus Message broker service
  3. Windows Fabric host service

I had this situation of  Service Bus Message broker service in  Starting state

you can stop the Windows Fabric host service and restart again. This should trigger the service bus services to start again. If not check the service account and password with which the services are running.

Open the Workflow Management Shell  and Get-SbFarm , Get-SbFarmStatus you should be able to see all the services are running in it ..If not it is a problem.

In my case the above happened and all I wanted is to start these service !! so I performed below items

  • I planned to re configure the Service Bus farm unlike SharePoint you don't have the option to run the config wizard again
  • So I opened Service Bus Configuration wizard  and chose the option to Leave Farm
  • Went to services and saw neither service bus gateway nor Service Bus Message broker service was present
  • Next step was to open the Service Bus Configuration wizard  again and instead of creating new farm I chose  "Join the old Farm " option and gave the server and db name as old config since I had this SbManagementDB and SBMessageContainerDB were already present with data

This created Service bus gateway and Service Bus Message broker newly and in running state !!

Problem solved :)



  1. I have discovered that if I open internet explorer as administrator, when I goto website http://localhost:12291 I no longer get a 403 error. I actually get the XML I was expecting.

  2. Hi I followed the steps, but I am faced with the following error: Group WindowsFabricAllowedUsers not found. please advise, as I do not have these groups in users and groups.