Error message when you visit a Microsoft website that is hosted on Akamai CDN: Access Denied
This article provides a solution to an issue where you receive an "Access Denied" message when you go to certain Microsoft websites that are hosted by the Akamai content delivery network (CDN).
Applies to: Windows Server 2016, Windows 10 - all editions
Original KB number: 4492050
When you go to a Microsoft website that is hosted by the Akamai CDN, you frequently receive an "Access Denied" message that resembles the following:
You don't have permission to access
http://www.microsoft.comon this server.
In this message, the URL value is the URL of the site the user tried to reach and the reference number is a unique identifier for that user and access attempt.
Examples of common CDN-hosted Microsoft websites include but aren't limited to the following:
This issue occurs because of the measures that Akamai has implemented to protect its websites from denial-of-service attacks. If a single origin or source tries to connect too frequently, these measures automatically block any IP addresses from that origin or source. The exact thresholds that are used to determine when to block addresses are based on connection volume.
The blockage is usually temporary. As soon as the connection volume remains below the defined thresholds for a while, the block on the affected TCP/IP address is expected to be removed.
To resolve this issue, make sure that you (or your organization) are not trying to connect to these websites too frequently within a short time.
For example, this issue can occur in an enterprise environment that uses devices that test network connectivity. Such a device tests Internet connectivity from an internal network by connecting to one or more Internet addresses that are considered reliable and responsive (such as Microsoft websites). The device reconnects to these sites at an interval that is set by the enterprise administrator. If that interval is too short, the protection measures on the Akamai CDN may identify the device as a potential threat and then block it. To fix the issue, the enterprise administrator may have to only reduce the recurrence interval of the test connections.
Third-party information disclaimer
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.