The customer is trying to run a repair on his SMP Server. While SIM (Symantec Installation Manager) is running repairs on the required MSIs and reconfigure the necessary config files, it fails showing messages like:

Unable to access Web Service:
https://servername/Altiris/NS/Services/NSConfigurationWebService.asmx

The remote server returned an error: (403) Forbidden.

and the repair ends saying that the configuration failed.

The 2 pages that seems to be affected this way are:

"LicensingWebService.asmx" and "NSConfigurationWebService.asmx" (under SMPSERVER>Sites>Default Web Site>Altiris>NS>Services\).

The SIM logs shows messages like these:

Entry 1:
Verifying webservice is available at Url: https://SMPServer.domain.com/Altiris/NS/Services/NSConfigurationWebService.asmx
-----------------------------------------------------------------------------------------------------
Date: 7/14/2016 2:47:26 PM, Tick Count: 1009375 (00:16:49.3750000), Size: 430 B
Process: SymantecInstallationManager (6720), Thread ID: 32, Module: SymantecInstallationManager.exe
Priority: 4, Source: Symantec.Installation.WebServiceFactory.ServiceAvailable

Warning 1:
Exception encountered while verifying webservice: System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at Symantec.Installation.WebServiceFactory.ServiceAvailable(Type t, String webServiceRootUrl)
-----------------------------------------------------------------------------------------------------
Date: 7/14/2016 2:47:27 PM, Tick Count: 1010250 (00:16:50.2500000),  Size: 572 B
Process: SymantecInstallationManager (6720), Thread ID: 32, Module: SymantecInstallationManager.exe
Priority: 2, Source: Symantec.Installation.WebServiceFactory.ServiceAvailable

Error 1:

Unable to load licenses from NS server.
The request failed with HTTP status 403: Forbidden.
   [System.Net.WebException @ System.Web.Services]
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Altiris.NS.Licensing.LicensingWebServiceProxy.GetLicenseStatus()
   at Symantec.Installation.Model.LicenseManager.<LoadLicensesFromServer>d__15.MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Symantec.Installation.Model.LicenseManager.LoadFromServer(Func`1 getLicXml)
   at Symantec.Installation.Model.LicenseManager.LoadLicenses(Boolean force)

Exception logged from:
   at Symantec.Installation.Logging.LogActivity.ReportException(Int32 severity, String strMessage, String category, Exception exception, String footer)
   at Symantec.Installation.Logging.LogActivity.ReportException(String strMessage, String category, Exception exception)
   at Symantec.Installation.Model.LicenseManager.LoadLicenses(Boolean force)
   at Symantec.Installation.Model.LicenseManager.RefreshLicenses(Boolean force)
   at Symantec.Installation.Model.LicenseManager.<RefreshLicensesTask>b__29()
   at System.Threading.Tasks.Task.Execute()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot)
   at System.Threading.Tasks.Task.ExecuteEntry(Boolean bPreventDoubleExecution)
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

-----------------------------------------------------------------------------------------------------
Date: 7/14/2016 2:51:44 PM, Tick Count: 1267187 (00:21:07.1870000),  Size: 2.23 KB
Process: SymantecInstallationManager (6720), Thread ID: 27, Module: SymantecInstallationManager.exe
Priority: 1, Source: Symantec.Installation.Model.LicenseManager.LoadLicenses

SMP 7.6 HF7 and later

SIM 8.0.93

In this particular instance, the issue was caused by IP Restrictions added to the Default Website and by having under "IP Address and Domain Restrictions>Edit Feature Settings", it was set to "Deny" access for unspecified clients rather than "Allow".

This was an IIS configuration issue.

Verify the following settings for those pages:
1. Under SSL Settings, uncheck 'Require SSL'
2. Under permissions for those pages, grant "Read and Execute" and "List Folder Contents" for Authenticated Users account.
3. If you have IP Restrictions under "IP Address and Domain Restrictions", check that under "IP Address and Domain Restrictions>Edit Feature Settings", it is set to "Allow" access for unspecified clients rather than "Denied".