I don't know what this error means:
it is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Can someone tell me what this error means and how to fix it?
EDIT: Also, when I click on the error, it brings me to this line of code in the web.config: <authentication mode="Windows" />
As the error is telling you, you need to mark your virtual directory / website as an Application in IIS Manager.
Related
I'm trying to deploy web pages on IIS. When I try to browse site I got such mistake:
This configuration section cannot be used at this path. This happens
when the section is locked at a parent level. Locking is either by
default (overrideModeDefault="Deny"), or set explicitly by a location
tag with overrideMode="Deny" or the legacy allowOverride="false".
Section in my config file:
<security>
<authentication>
<basicAuthentication enabled="false" />
</authentication>
</security>
May anybody help me to "unlock" parent section (as far as I understand).
You may need to allow feature delegation.
IIS Manager -> Feature Delegation
Select "Authentication - Basic" and change it to Read/Write.
By default it is ReadOnly.
I had the same kind of problem when I tried to deploy ASP.NET pages on IIS. (To be honest don´t know if exactly the same - I am using Windows 10 now, but got same kind of message).
At first it seamed complicated to fix but found out that had a really easy solution.
I Just needed to reinstal IIS at the Control Painel - but with ASP option enabled (I enabled all of the resources for development of applications).
And at the Website (basic) configuration had to select .NET v4.5 Classic.
Error 500.19 and file execution issues and locked on IIS 8
To resolve it I had to execute in cmd:
%windir%\system32\inetsrv\appcmd unlock config -section:system.webServer/handlers
%windir%\system32\inetsrv\appcmd unlock config -section:system.webServer/modules
When I tried to start my IIS server on my local machine (which is running on Windows 7), it is giving me an error saying:
value does not fall within the expected range
I have tried number of thing to correct this issue, but no success. then finally I re-installed the IIS server on my machine but issue is still persist.
Does anyone have any idea about this error? And how can I resolve it?
I have found that, this issue was coming due to incorrect virtual directory was created by visual studio in IIS due to which default web site was unable to start.
What I'd done to resolve this, I'd deleted my Default Web Site and created again in IIS. After that I'd created my application's specific virtual directories. This resolve my problem. Still not know why default web site stop working after incorrect virtual directory created by Visual Studio.
Hope this helps for those who are facing this issue.
I had this issue in IIS 8.5, the problem ended up being an incomplete entry for the host name in the bindings. I didn't include .com on the FQDN.
I have this issue with setting specific accounts for the site to run as..
It goes away if you set the password in the applicationHost.config directly. Cannot do it though IIS anymore though..
In: C:\Windows\System32\inetsrv\config
May help.
I was experiencing the same problem. And the problem was with the file pointed out by #aaron-gibson.
applicationHost.config at: C:\Windows\System32\inetsrv\config
(see here: IIS Configuration Reference)
One of the site had incorrect data:
<application path="/e:\MyFolder\MySiteWithProblem\VDir" applicationPool="AppPool152">
<virtualDirectory path="/" physicalPath="e:\MyFolder\MySiteWithProblem\VDir\Vdir" />
The application path in this case had invalid characters. And also, the physicalPath didn't exist.
Fixing this entry fixed the problem.
The answer marked as the solution fixed the problem because it recreated this file from scratch. But in my case I did not lose all my sites.
I changed the file
applicationHost.config
at: C:\Windows\System32\inetsrv\config
And the entries for each site are in the tags:
<configuration>
<system.applicationHost>
<sites>
...
<site name="Default Web Site" id="1" serverAutoStart="true">
<application path="/MyPath" applicationPool="AppPool152">
<virtualDirectory path="/" physicalPath="e:\MyFolder\MySite\Vdir" />
</application>
...
<site>
...
</sites>
</system.applicationHost>
</configuration>
I had this issue with a new IIS 10 deployment. Our network team copied over the applicationhost.config file from the older servers and this caused it. In IIS 10 there are two new settings that encrypt the password for the app pool identity. Since the IIS 7 config file didn't have those encryption settings then IIS threw this error when assigning a new user. I simply copied over the settings from a brand new server build and it started working fine. Add these two settings to the existing ones already there:
<configProtectedData>
<providers>
<add name="IISCngProvider" type="Microsoft.ApplicationHost.CngProtectedConfigurationProvider" description="Uses Win32 Crypto CNG to encrypt and decrypt" keyContainerName="iisCngConfigurationKey" useMachineContainer="true" />
<add name="IISWASOnlyCngProvider" type="Microsoft.ApplicationHost.CngProtectedConfigurationProvider" description="(WAS Only) Uses Win32 Crypto CNG to encrypt and decrypt" keyContainerName="iisCngWasKey" useMachineContainer="true" />
</providers>
</configProtectedData>
Mine turned out to be an issue with the binding. I deleted than used another name in the binding and it worked great.
Good luck!
I've had this issue and the problem was that the binding was wrong, there was a "space" after the url.
Check your bindings for any wrong characters and if there's anything else wrong with it.
I've had this issue with Octopus Deploy.
It turned out the issue was with the binding where it had an extra space at the end of the hostname when setting up the project in Octopus.
You can also see this from the applicationhost.config in C:\Windows\System32\inetsrv\Config
This message can be caused by a malformed application name in the applicationHost.config file in C:\Windows\System32\inetsrv\config.
For example, I had a "\" in an application name which, once removed, eliminated the error.
This problem can be caused by setting the "Host name" to a number. The "Host name" needs to contain at least 1 letter.
I've had this error message before when I was using an automated build and deployment system (TeamCity with Octopus deploy). It turned out that the port number I'd specified for IIS in the Octopus Deploy variables was too high.
From what I could find on this web site the highest port number IIS will accept is 65535.
I have an ASP.NET website running on Windows Server R2 in a corporate network, using Windows Authentication.
The app pool of the website is using a domain account and in Integrated pipeline mode.
The authentication is set Windows Authentication, all other authentication modes are disabled.
However, this does not work. Every time I access the website, it pops up a dialog asking for user name and password. I enter the correctly domain user name and password, but it does not continue--the windows pops up again. After three times, it fails and displays a white page. I tried with many different browsers, bu all of them fail. I asked some colleagues to try and they all got failure, too.
I cannot figure out why this error is happening and tried many ways to fix it with no luck. I think it is very strange. However, finally I found a way to fix this problem, this is the most strange part of the problem: I edit the "Physical path" in "Basic Settings" of the website, I just point it to another healthy website, for instance, %SystemDrive%\inetpub\wwwroot, then I try to browse the website, very good, it runs well and displays the default page (iisstart.htm). It looks like it is not very helpful, but then I change the physical path back to my website; suddenly everything goes well -- the windows authentication works! I do not know why it helps, but I am happy with this result -- it fixes my problem though I do not know what the heck is happening.
The happy time is always short, several days later, the server got some patches and restarted, the website can't work again. And again, I can fix the problem using the trick above.
I do not like this! I do not like doing this stupid trick every time IIS resets or the server restarts.
Is there anyone who has some ideas on why windows authentication fails, and why the aforementioned trick can fix it, and why after an IIS reset it fails again?
First off, THANK YOU for creating this post. I have the exact same issue and could not find anyone else without posting the obvious fixes that were of no avail to me. I had been working on this for almost two weeks
To assist the next poor soul that encounters this issue and post, I hope my extra tidbits help.
Your initial solution did not fix my issue in my case, but it did prove that it was custom error page related. After pasting in your code into web.config my problem got worse and I was not able to debug or launch the page (had 500 internal server error related to web.config)
BUT finally what I did was go into the IIS Console and remove all of my custom error pages. It still did not work as had hoped. BUT, I also found entries for ASP.NET ".NET Custom Errors" in the top half of the site console (and the "custom errors" tag in web.config). I had old entries in there and removed them via console, and YESSSS, my site came back to normal with Windows Authentication.
I have since recreated the IIS Custom Errors and I am still up and running as designed.
SO to anyone else that may have this issue, check both ASP.NET Custom Errors AND IIS Custom Errors settings. Maybe there is a conflict, I dont know, but in my case having only the IIS pages set fixed me up (for now :-) )
I just found it seems caused by custome 401 error pages under "Error Pages". I set it to execute an URL when the status code is 401 in my web.config, it looks like:
<httpErrors errorMode="Custom">
<remove statusCode="401" subStatusCode="-1"/>
<error statusCode="401" path="/Error/AccessDenied" responseMode="ExecuteURL"/>
</httpErrors>
Then every time I reset IIS and try to access this website, the problem appears. If I delete it in Web.Config or delete from IIS console, then the problem disappears, what is more funny is another experiment: after I deleted this settings and have been successful opening the website, I added this setting back. Everything works very well. Every domain user can access this website, those that failed passing authorization get the customer error page.
So my solution now is I removed this setting in my Web.Config, every time I reset IIS or restart the server, the server admin need to hit the website first, and then add this customer error page in IIS console.
I feel this is a bug of II7.5 on Windows Server 2008 R2.
I was also struggling with this same issue all my day. I am using windows authentication and Custom error setting in web.config for 401 errors.
After I reset the IIS, the website stop accepting domain users and windows authentication pop up reappear again and again.
I added remove tag in the web.config file with Sub status code.
<httpErrors>
<remove statusCode="401" subStatusCode="-1" />
<remove statusCode="401" subStatusCode="1" />
<error statusCode="401" subStatusCode="-1" path="/Custom401.aspx" responseMode="ExecuteURL" />
<error statusCode="401" subStatusCode="1" path="/Custom401_1.aspx" responseMode="ExecuteURL" />
</httpErrors>
Previously remove tag was only present for substatus code -1 but missing for sub status code "1" . After i added it, everything started woking properly.
In the above post, substatus code is missing for error tag, that could be the cause of the problem. There should be remove tag for all 401 errors there.
I just spent a couple of hours digging up a solution to this problem.
Why IE fails yet the other browsers succeed: IE tries to use Kerberos authentication and the other browsers don't try. The others use NTLM.
Solution: In the situation described in the question, a domain account was being used in the App Pool. Simple solution: switch to using the "Network Service" account. More complex solution: You have to register a service principal name (SPN). Read this article (ignore the fact that it is talking about IIS 6 because it also works fine on IIS 7 and 7.5) - You receive an "HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials" error message when you try to access a Web site.
I hope this helps. It gave me a headache until I stumbled upon that article. (Thanks to Paul Lynch who posted the link Windows Authentication Failing in IE8 but not Firefox)
I had this same problem on my Windows 2008 R2 server. I did not have custom 401 error pages. I did use aliased server names (via DNS CNAME records and host header entries on the IIS bindings). I registered the SPNs for Kerberos as suggested, but that did not solve the problem. I resolved it by disabling "Kernel Mode Authentication" (click on the server in the IIS tree -> double-click on Authentication under the IIS group -> click on Windows Authentication -> click on Advanced Settings on the Actions pane -> Uncheck the checkbox -> click OK -> run iisreset). The information on that dialog box recommends against disabling Kernel Mode Authentication when using non-standard service accounts for the application pool identity, but that didn't apply to us since we're using the standard ApplicationPoolIdentity identity.
I had the same issue.. Turnes out I should not have messed with my hostfile.. I changed my hostfile and pointed some fancy address to my machine like so:
www.givemeyourcredentials.com 127.0.0.1
I added a binding to the site "www.givemeyourcredentials.com". I typed in the addres in my addressbar and the site prompted my credentials as expected.. Typed in my credentials and got prompted for my credentials again.. And again and again and again..
Turns out: Bind your website to http://localhost when using windows authentication in an IIS site. That did the trick for me.
Hope this helps somebody...
Add "NT Service\trustedInstaller" to physical folder of the site. Location for this user is local machine name.
The NTLM protocol that is used for Integrated Windows authentication requires a two-step process to authenticate clients. The behavior that is mentioned in the "Symptoms" section occurs when the following conditions are true:
The application pool recycles after the first step of the Integrated Windows authentication process.
However, the application pool recycles before the second step of the Integrated Windows authentication process.
To work around this behavior and to reduce the frequency of these error messages, configure the application pool to recycle less frequently. To configure application pool recycling, follow these steps:
Click Start, click Run, type inetmgr, and then click OK.
Expand the name of the computer on which you want to configure application pool recycling, and then expand Application Pools.
Right-click the application pool that you want to configure, and then click Properties.
On the Recycle tab, configure one of the metrics so that IIS recycles less frequently.
Note IIS 6 application pools support several metrics. These metrics include the time elapsed, the number of requests, and the specified time to recycle an application pool. If an application pool has a metric that causes the application pool to recycle frequently, you will experience this issue more frequently.
Click OK.
[ Copied from https://support.microsoft.com/en-us/kb/902160 for posterity ]
On one dev machine, the standard method for enabling SharePoint debugging is not working. From c:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config:
<SharePoint>
<SafeMode MaxControls="200" CallStack="true" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false">...</SafeMode>
...
</Sharepoint>
<system.web>
<customErrors mode="Off" />
<compilation batch="true" debug="true">...</compilation>
...
</system.web>
But I still get the standard completely useless SharePoint errors:
Unknown Error
Troubleshoot issues with Windows SharePoint Services.
I know the error is an Exception being thrown by a custom web part I'm writing, but I can't find anywhere that logs the stack trace. Enabling call stacks is my only hope right now and I'm completely lost. Is it possible that there's another setting or overriding web.config entry I need to set?
Thanks!
OK, so that this might someday help someone else - here's the answer. It turns out that yes, there is a web.config in the layouts directory:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS
which was overriding the setting for the particular SharePoint URL I was testing against.
It's not enough to turn on debug & turn off custom errors. You actually have to add the SharePoint block in if it's missing, something like this:
<SharePoint>
<SafeMode MaxControls="200" CallStack="true" DirectFileDependencies="10" TotalFileDependencies="50" AllowPageLevelTrace="false" />
</SharePoint>
I have classic ASP running on IIS 7.
Even though I configured the ASP "Debugging Properties" to "Send Errors to Browser = True", the web app REFUSES to send errors to the browser and continues to send a 500 internal server error.
My browser has "Show Friendly HTTP Error Messages" unchecked.
Failed Request Tracing is installed (not sure if that's related)
Happens both on web pages loaded locally on the server and remotely
The App Pool is integrated (not sure if that matters)
Any ideas?
Try :
Internet Information Services (IIS) Manager —> Default Web Site —> Click Error Pages properties and select Detail errors
I was having the same issue with a Classic ASP app running in a subfolder of a site. I had enabled detailed errors and the 500 was still showing. My resolution was to enable parent paths in the ASP section in IIS for the site as the application was referencing the parent folder using "../":
I had this occuring on a Classic ASP application running in a subfolder of a site. The solution was:
IIS > Click into your Site > Click into your Application folder > Error Pages > Edit Feature Settings > set to: Detailed Errors
IIS Manager >> double click the ASP icon to open the ASP page. Expand the Debugging Properties node and set Send Errors To Browser to True.
Refer : http://www.chestysoft.com/asp-error-messages.asp
If your website is configured to connect to the physical path of the website as a specific user, instaed of using pass-through authentication, you may get this error if there is a permissions error with this user. It may also be necessary to restart the Windows Process Activation Service and then restart IIS.
If you are hosting the project in a shared environment then you can use the following snippet to view the errors.
<configuration>
<system.webServer>
<httpErrors errorMode="Detailed" />
</system.webServer>
<system.web>
<customErrors mode="Off" />
<compilation debug="true" />
</system.web>
Refer this URL for complete information http://blogs.iis.net/rickbarber/working-past-500-internal-server-error
Hope it helps someone
I had a 500 error with an ASP Classic application I had just installed on a new server (Windows 2019). Every URL on the application returned 500, no matter what. But no errors were being shown in the Windows event log, and despite configuring detailed errors, as mentioned in several the other answers here, no specific error was being displayed in the browser.
The only clue was in the IIS logs, which showed the HTTP status code as 500, and the IIS substatus code as 19. So a 500.19 error.
That led me to
and the specific issue I was having was answered by the second part of this section:
https://learn.microsoft.com/en-us/troubleshoot/iis/http-error-500-19-webpage#hresult-code-0x80070005
which says:
Don't configure the website to use UNC pass-through authentication to
access the remote UNC share. Instead, specify a user account that has
the appropriate permissions to access the remote UNC share.
and (this is the part I needed to do):
Grant the Read permission to the IIS_IUSRS group for the
ApplicationHost.config or Web.config file. To do it, follow these
steps:
In Windows Explorer, locate the folder that contains the
ApplicationHost.config file that is associated with the website, or
locate the virtual directories or the application directories that
contain the Web.config file that is associated with the website.
Note
The Web.config file may not be in the virtual directories or the
application directories in IIS. Even in this situation, you have to
follow these steps.
Right-click the folder that contains the ApplicationHost.config file,
or right-click the virtual or application directories that may contain
the Web.config file.
Select Properties.
Select the Security tab, and then Select Edit.
Select Add.
In the Enter the object names to select box, type
\IIS_IUSRS, select Check Names, and then select OK.
Note
is a placeholder for the computer name.
Select the Read check box, and then select OK.
In the Properties dialog box for the folder, select OK.
Note
Make sure that the folder properties are inherited by the
ApplicationHost.config and Web.config files so that IIS_IUSRS has the
Read permission for those files.