Diagnosis: HTTP Error 500.19 - Internal Server Error : The requested page cannot be accessed because the related configuration data for the page is invalid

by Scott 25. September 2013 13:16

I've encountered this error twice in the past month, with the second time being too far into development to start over with a clean slate. So after looking into the cause and solution, I thought I'd post my findings here.

I was configuring a web server with multiple sites on it, ranging in technologies from .NET to ColdFusion to straight html. The content was moved to the server and then the various IIS sites were set up. During this second step (IIS configuration) IIS7 places a web.config file at the root of each site. The web.config file is basically a skeleton file which will contain any unique configurations you choose for the specific site (such as special Handler Mappings, etc.). 

IIS will access this file whenever the web site is requested, regardless of whether the site is .NET or not, and regardless of whether the web.config contains any relevant settings for the site or not. (For example, the web.config is created even for ColdFusion sites which have their own "config" files, and IIS will consult this web.config *prior* to reading any other config files.)

Since IIS creates this web.config file, certain permissions are assumed and implemented by IIS. The 500.19 error above occurs when subsequent site configurations conflict or overwrite these permissions.

In my particular scenario, after setting up the sites in IIS and assuring that all the sites were working correctly, we began to set up the permissions we intended for user groups. The first step in this is creating Shares on relevant folders/directories. You can initiate this in one of two ways, both through the Right-click context menu. Right clicking on the target folder/directory will display both a "Share With" menu option (we'll call this option C) and the "Properties" option.

Let's first talk about the folder Properties option. Within the "Sharing" tab there are actually two ways of creating shares, the seemingly "default" option (option A in the graphic) and the "advanced sharing" option (B in the graphic). If you take a moment and go back to the "Sharing" option C mentioned above, you'll notice that it is the same as option A here, the "default" method.

In a nutshell, if you use option A or C to create a share on a root directory of an IIS site, certain permissions are automatically removed (unbeknownst to you) which make IIS unable to read the web.config file it created. In particular, these Share creation methods remove the "Creator Owner" and "Users" groups from the folder's security list (pictured below). If the folder in question is a subdirectory of the root (in which the web.config resides) the removal of these permissions may not cause any problems. But if the security items are removed from a parallel or parent directory of the web.config, the entire site will become inaccessible and the dreaded 500.19 error will display. 

And of course, simply removing the problematic share will not restore the removed permissions. If you are lucky, your OS will place a tiny lock icon on the folder, indicating that certain shared properties remain in place even though all other indications suggest there is no share. That lock icon occurs *because* the Creator Owner and Users groups have been removed, and these removals will continue to block IIS's access to the web.config file.

So at this point, the only remedy (other than to remove and then recreate the site and its web.config through IIS) is to restore the security permissions for the Creator Owner and Users groups. If you have googled this problem, you will find recommendations to *add" permissions on the web.config file for the IUSR and IIS_IUSR groups. This will only partially restore what the Share creation removed, since IUSR and IIS_IUSR are members of the removed groups. 

In my scenario, I opted to restore the original permissions rather than pursue a more fragmented solution of adding specific rights to specific files. Since my sites are load balanced across several servers, the more uniform (and basic) the site configurations, the better. 

So this is how you can solve the problem once it occurs. But what about the inevitable situation when more shares must be created in the future? Well, fear not.

Using Share creation option B above will NOT result in the removal of these security permissions. And will not interfere with existing IIS permissions (unless you explicitly remove them).

So in the future, just remember to use the Advanced Sharing option to avoid potential headaches and wasted time.

Here's the actual error:

HTTP Error 500.19 - Internal Server Error

Description: The requested page cannot be accessed because the related configuration data for the page is invalid.

Module: IIS Web Core

Notification: Unknown

Handler: Not yet determined

Error Code: 0x80070005 

Config Error: Cannot read configuration file due to insufficient permissions

Config File: \\?\ C:\Inetpub\wwwroot\web.confi

Requested URL: http://localhost

Physical Path: C:\Inetpub\wwwroot

Logon User: Not yet determined

Logon Method: Not yet determined

Error code 0x80070005 can be translated to mean: "E_ACCESSDENIED - General access denied error"

Tags: , , ,


Load Balancing Servers with Multiple Sites

by Scott 25. September 2013 10:15

The past couple weeks I have been migrating our dev, test and prod environments to new servers. The new test and prod environments are load balanced, whereas dev is not. We have 34 web sites, each with their own domain. I ran across a difference in the way these are set up on load-balanced versus non-load-balanced scenarios and thought I would mention it here.

On the non-load-balanced scenario (dev) the external DNS records for the various domains all point to the server's external IP address. Within IIS, however, each site is set up to point to the server's single internal IP address with the Host Name corresponding to the sites domain (url). Within IIS7, this is all accomplished within the "Bindings" options.

For the load-balanced systems, I intiially set out to do the same thing: External DNS records pointing to the external IP of the load balancer, with the separate sites on each load-balanced server pointing to the internal IP address of their respective server.  For example, let's say the load balancer is assigned IP xxx.100. It balances three servers assigned xxx.101.xxx102 and xxx.103. The external DNS records for the various site domains all point to xxx.100. Under the non-load balanced scenario above, each collection of sites would bind to the IP of it's respective server. One collection to xxx.101, another to xxx.102 and so on.


The discovery was that under the load balanced scenario, each collection (each site on every server) must bind to the external IP of the load balancer. So whether an IIS site exists on balanced server 101 or 102 or 103, the IIS binding must point to xxx.100. All differentiation amongst domain requests are handled via the IIS Host Header Names. This actually makes the maintenance of multiple (mirrored) servers less of a hassle, since it allows the IIS settings from one balanced server to be exported and implemented on the other servers handled by the load balancer. Each server's IIS configuration is identical to the others. 


Tags: ,


Plants In My Yard - Part Two

by SDF 2. August 2013 07:32

More things growing in my yard...

Filipendula [species?]

Type: Perennial herbaceous

This particular plant was/is quite difficult to identify with specificity. I am confident it belongs to the filipendula genus, but the exact species eludes me. The closest species I can find is the "Red Umbrella" which looks identical to this, but rather than dark green tones along the leaf veins, the Red Umbrella has slight crimson tones (only along the veins). The Red Umbrella is a hybrd of Filipendual palmata and Filipendula multijuga by a Japanese botanist. Neither the palmata nor multijuga has a compelling resemblance to my plant. This can grow to about three feet and apparently blooms in small pink flowers at its top, though I have not seen any blooms during the two weeks I have observed thus far (mid-to-late July). This is definitely intentionally planted and is a common offering at nurseries throughout the Midwest. It can also go by the common name "Meadowsweet", but that name seems to apply to various species of Filipendula, most of which have completely different leaf shape and flowers.

Japanese Maple
Acer palmatum / Japanese: Momiji

Type: Deciduous tree

This is undoubtedly my favorite tree/plant in the yard. It is currently bright green and flourishing, but I am expecting some very nice colors when Autumn arrives. Japanese Maple usually grow to 25-30 feet, and eventually take on a dome-like shape. They can appear radically different from one another, to the point that saplings from one tree can differ in color an d leaf size from the parent. My neighbors, for example, have a couple shrub-sized versions which appear purplish throughout the summer. Mine stands much taller and is exclusively light green at this point. There is only one in the yard, but this is definitely something I'd like to add more of once the time and energy makes its debut.



Plants In My Yard - Part One

by SDF 1. August 2013 07:29

I have set out to identify the many and varied plants which are creating a jungle-like atmosphere in my yard. At this point, I haven't a clue as to which plants are undesirable weeds, which are desirable/tolerable weeds and which are intentionally planted yard flora. Here I will attempt to identify them one by one with as much detail as I can gather. I assume at some future point, I will decide what to do with this information, but in the meantime, let's learn about some plants!

Creeping Charlie
Glechoma hederacea
(aka Nepeta glechoma or Nepeta hederacea)

Type: Broadleaf Perennial

Creeping Charlie is a creeping ivy in the mint family. It grows to 4 inches tall and in patches of several feet wide. Originally found in Europe and southwestern Asia, it now permeates North America (with the exception of the Rocky Mountains). It has been historically used for tea, medicine and food (salads) and thus was intentionally brought to the New World by early settlers. It spreads like wild fire and so is often considered a weed, though many plant it intentionally for decorative ground cover. It blooms in blue or purple funnel-shaped flowers and grows in large patches which can take over portions of the yard. It survives mowing and grows will in either shade or full sun. It is unusually sensitive to boron (or borax) should you wish to attack it.

Chenopodium berlandieri
(aka Pitseed Goosefoot)

Type: Broadleaf Annual

Lamb's-Quarters is a herbaceous plant in the goosefoot family. It generally grows to 4 feet tall and 18 inches wide, but can be found up to 9 feet tall. There are several strains of this plant, but it is generally recognizable through its scalloped leaves and its whitish hue at the plant's apex and leaf underside. It is widespread throughout North America and found in every state except Hawaii. It is said to have been among the domesticated crops of the prehistoric and Woodland eras in North America and continues to be grown in Mexico for its roots. Lamb's-Quarters is considered by many to be a "weed" while others intentionally cultivate it in their gardens for salads and what-not. It blooms in small white flowers along a broccoli-like stalk. It is an "annual" plant which means it generally dies in winter. It persists due to the seeds dropped during its flowering cycle.

Coleus - Lime
Solenostemon scutellarioides
(aka Coleus Versa Lime)

Type: Broadleaf/Ornamental Annual

This "coleus" plant is quite a strange bird. The entire "coleus" genus is now defunct, with its various species redistributed in the Solenostemon genus and elsewhere. Solenostemon comes in a vast variety of mixed colors and relatively differing appearances. "Scutellarioides" means "shield-shaped" and refers to the shape of the plant's variegated leaves. It is native to south east Asia and Malaysia where is blooms colorfully as a perennial. There are several species which can grow in the colder climates, such as the one pictured here. In colder climes, these are considered annuals. Mine is obviously singular in color - lime green to exact, and remains so throughout its life span. There are "coleus life lime" and "coleus versa lime" sold in nurseries nearby. I believe mine is the latter. Coleus generally grows to about three feet high but can reach upwards to six. It is basically the no-brainer of garden plant, requiring very little effort from the gardener. This and its vibrant green color are apparently its only redeeming values. As the local nursery's site says: "Neither the flowers nor the fruit are ornamentally significant". On the upside, certain varieties of solenostemon scutellarioides (in particular Coleus blumei) are said to have hallucinogenic effects when ingested and were apparently used by the Mazatec Indians of southern Mexico to talk to the wolves, as Carlos Casteneda used to say. (Or as I say, "Coleus Blumei Mind!")



The start of a new personal site

by SDF 26. July 2013 14:20

I decided to start a new personal site. The original is www.foutz.net. That site utilizes ColdFusion, some PhP, and the MovableType blogging software. Customizing MovableType involved a lot of proprietary language/functions which, in the end, was fun. But I was ready for a change.

This new site will utilize exclusively ASP.NET and C#.Net. I am using BlogEngine.Net, an open source, .NET-driven blogging software package. As time goes by I'll be learning, customizing and adding to it. It will be a good playground for experimenting in .NET web development.

I'm not sure what will happen to foutz.net, but I imagine I will likely migrate all its content to this domain, and eventually redirect foutz.net traffic to this new domain.   

There have been a lot of changes lately. New IT reorganization at work, the move to the new house, and new/renewed ideas about the future. Maybe this new site is a reflective microcosm of what is going on at the larger scale. Or maybe I'm just goofing off.  

Tags: ,


Did You Know...?

"Bad guys poop in the road." 

~ says Max


<<  April 2014  >>

View posts in large calendar

Powered by BlogEngine.NET - Eco Theme by n3o Web Designers