SAP application giving HTTP error 403.2 - Forbidden

You may have seen a screenshot like this a few times in the past.

It's fairly common when you run peripheral services for your business suite on a windows environment. Maybe it's TREX, maybe it's a content server, maybe something entirely third.

And the cause is rather simple: Microsoft supports the use of ASAPI extensions and filters, but prefers that you use modules instead. So the IIS has ASAPI disabled by default. But SAP is "old" technology, so they don't change, just because Microsofts recommendation does. So the trick is to simple enable it.
If you are running server 2008, start the server manager, go to roles, click on the webserver IIS, and in the right hand pane, scroll down to role services. Here you enable ISAPI extensions, and ISAPI filters.
Reboot the server, and notice the difference !

Now, if the difference is you get a permission DENIED instead of forbidden, you may also want to look at if your service user actually has the rights to access files in the virtual directories.

Automatically starting SAP after reboot of windows

SAP was never really made to run on Windows. We all know it, we all accept it, and we all have to deal with having a couple of IDES, or sandbox systems, or even just something from old times on a windows server somewhere. Maybe you are even one of those people who have an entire suite of SAP systems on Windows. So you will be even more annoyed by the tedious AV, patching and update process, that just continually needs to reboot "your" server.
So you have to get weird calls at odd hours about SAP systems not running, or even go through the tedious process of starting the systems manually after every reboot. That takes time. Lots of time.... But it really doesn't have to.
First step is to create a batchfile that does the actual starting of your SAP system. It's fairly simple actually, you just use the sapcontrol.exe
My script looks something like this:

D:\usr\sap\SID\DVEBMGS00\exe\sapcontrol.exe -user sidadm password_here -nr 0 -function Start
D:\usr\sap\SID\DVEBMGS00\exe\sapcontrol.exe -user sidadm password_here -nr 1 -function Start

the number after the -nr parameter is the instance number on the host. You may also have a hostagent that needs to start. remember to add your SID, SIDadm user and his password. Tehnically, you may want to elevate the script to be able to run without using a user/password, or even create a dynamic script to adapt to the use of a changing password, or even consider creating a service user that only runs this script. But for demonstration purposes, this is fine. test your script by closing down the SAP systems in the MMC, and start them again with the script.

On Unix we can simply put in a startsap call at the boot time. But Windows seems to implement this much differently. So how do we run the script once windows starts up ? you may have tried the startup folder, or even added a script to the boot sequence in regedit. And you have likely failed.
But it is actually rather easy. Use windows task scheduler.

You just have to use these settings: 

* Run whether user is logged on or not

* Begin the task at startup

* Delay task for 1 minute (otherwise your database will be down, and the process will fail)

* Action start a program (browse to your script)

And hey presto.... You dont need to get up at night for a virus definition update.

If you want to be very sure, add a pause in your script, and call the sapevt and run a DBcheck (or whatever automated process you may have for validation), followed by a mail or text to your phone. 

Do note that shutting DOWN the system wont be this easy. So if you want to avoid have to "massage" your DB back to life after an unexpected powerdown, you may also want to consider automating the shutdown of the instances (and the DB service).