Tech Off Thread

6 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

HTTP Error 500.19 - Internal Server Error.Config Error Cannot read configuration file due to insufficient permissions

Back to Forum: Tech Off
  • User profile image
    Surendiran Bala

    We have developed ASP.NET (4.0 Framework) web application named as SampleWebApp  and deployed in IIS7.

    Instead of placing the web application for deployment in Inetput folder of the Server we are placing it in sharepath of another server. 

    Below are the details for the scenario: 

    Server Name where IIS is installed : xyz1000 

    Physical Sharepath  where we place the published ASP.NET Application :\\xyz1111\SharePath\ SampleWebApp  

    Authentication Mode : Windows 

    In the AppPool Identity we have tried with ApplicationPoolIdentity,NetworkService,LocalService and LocalSystem 

    we are getting the below error when we request Default.aspx of the SampleWebApp Application 

    ***Error Summary****

    HTTP Error 500.19 - Internal Server Error

    The requested page cannot be accessed because the related configuration data for the page is invalid. Detailed Error Information

    Module IIS Web Core

    Notification BeginRequest

    Handler Not yet determined

    Error Code 0x80070005

    Config Error Cannot read configuration file due to insufficient permissions 

    Config File \\?\UNC\xyz1111\SharePath\SampleWebApp\web.config

    Requested URL http://xyz1000:80/SampleTestApp/Default.aspx 

    Physical Path \\xyz1111\SharePath\SampleWebApp\Default.aspx 

    Logon Method Not yet determined

    Logon User Not yet determined 

    Config Source

       -1:

        0:

     When i googled for solution people are suggesting to add IIS_IUSRS to the folder (ie \\xyz1111\publisedWebApp

    So I right the folder SampleWebApp in the path \\xyz1111\SharePath\SampleWebApp\Default.aspx and clicked on properties -> Security->Edit Add after i enter  IIS_IUSRS  to check for names it says the object not found. 

    So i went to check such user in computer Mangement of the server xyz1000 where IIS  had been installed there is no such user but i can see such GROUP. 

    But i dont know how to resolve this issue. Please help. 

    When i put some sample application in the Inetpub folder of the server machine xyz1000 where IIS had been installed it worked fine. 

    But when i put the application in shared path \\xyz1111\publisedWebApp its not working

    Please help

  • User profile image
    cheong

    If both web server are in the same domain, create a domain account.

    If both server does not join any domain, create a user with same username and password on both machine.

    I'll refer to the account created on the above step as [UserA].

    Now grant full access (both folder permission and share permission) to [UserA] on the shared folder. (.Net folder monitor requires full right to monitor the web.config file)

    On the IIS, create a new application pool and assign your web application to it. Change the account of that application pool to [UserA].

    If nothing goes wrong, you should be able to see.

    P.S.: If both machine has joined domain but not in the same domain, either ask your domain administrator to create federation trust across the domains or you are toast.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    blowdart

    Why are you hosting the app on a network drive in the first place? You run into all sorts of interesting CAS problems doing that.

    ApplicationPoolIdentity,NetworkService,LocalService and LocalSystem are all LOCAL accounts - so of course they can't see network resources.

    But using a domain account wouldn't be best practice here, best practice is have your web code on the local machine, so you can limit the app pool permissions.

  • User profile image
    cheong

    @blowdart:Actually, when an application running under NetworkService account on a machine joined domain want to access a remote share, it attempts to login as the machines "machine account". If the remote share is set to grant access to that, it may succeed in getting the files.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    blowdart

    , cheong wrote

    @blowdart:Actually, when an application running under NetworkService account on a machine joined domain want to access a remote share, it attempts to login as the machines "machine account". If the remote share is set to grant access to that, it may succeed in getting the files.

    Oh! I did not know that!

  • User profile image
    mariawelborn

    If nothing seems to work it might be because you are trying to run 32 bit assemblies on a 64 bit server or vice versa. 

    I just wasted 4 hours in this same error. 
    What i'd done is set my .NET complication settings to specify "x86" instead of "Any CPU" 
    and put it in a 32 bit app pool thinking it would work.

    Turns out you cannot run both 32 and 64 bit applications on the same instance of IIS.
    Solution? For me at least change the "Enable 32-bit applications" setting in the AppPool to Advanced Settings to false and then go back to Visual Studio and Change the build configuration back to "Any CPU", do clean solution, then build and copy the new site files to the server and it worked.

    Lesson learnt: don't mess around with the advanced settings - leave them on the defaults, especially if you don't understand what they actually do, like me ;)

    Hope this helped someone not waste time trying to do the impossible. 

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.