IIS Error – The requested page cannot be accessed – How to Fix How to fix "The requested page cannot be accessed because the related configuration data for the page is invalid" error in IIS

IIS URL Rewrite: redirect di più nomi di dominio su un singolo hostname

Among the many obscure permissions-related IIS errors, this one definitely deserves a honorable mention:

HTTP Error 500.19 – Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
The Detailed Error Information section gave a bit more information:

According to the MS Knowledge Base, such error has NINE (!) possible causes, which makes hard to understand what went wrong. Luckily enough, the most common scenario is fairly simple: most of the time, when you see something like this, it means that you tried to add a new web.config section which is locked at a parent level.

For example, it could be the <requestFiltering> section, just like in the example below:

Or the <rewrite> section, which is also a sub-element of the <system.webServer> block:

… or any other web.config section.

The Cause

The IIS locking mechanism is well-explained in this KB article and it’s basically a good thing, since it allows the administrators to lock and unlock specific configuration settings at the server level – which is a key thing to do, in terms of security, in many scenarios – for example, when you’re hosting a shared environment.

The locking (and unlocking) of the various sections can be issued by using the <location> element. By using it, you can:

  • Lock specific elements and attributes
  • Lock everything except specific elements or attributes
  • Lock specific collection directives such as the <add>, <remove>, and <clear> directives
  • Lock specific elements in collections

And so on.

The Solution

By default, most IIS-specific web.config sections (such as <rewrite>, <windowsAuthentication> and so on) are locked down by default. If you’re getting the HTTP Error 500.19 above, it most likely mean that you need to unlock one (or more) of them. This can be done in two ways:

  • By manually editing the applicationHost.config file.
  • By using the Feature Delegation interface within the IIS Manager GUI.

applicationHost.config

The applicationHost.config file is located within the following path:

To unlock a section, move its content from its current location in the file to the bottom of the file and put it inside a <location overrideMode=”Allow”> element. It’s worth noting that you can either unlock the section for all applications on the server or for specific paths/sites. For example, by doing this:

You will unlock the <authentication> section for all applications. Alternatively, you can specify a path on the location tag, so that the section will be unlocked only for this path.

IIS Manager

Starting from IIS 7, MS added a neat Feature Delegation feature at the root (computer) level of IIS Manager that can be conveniently used to lock/unlock most of the sections from within the GUI. Once you click on the icon, a modal window will show a list of IIS sections/features and their current override setting: each of these features can be changed to Read/Write, Read Only, or Not Delegated for your convenience. You can even pick the Reset to Inherited option to remove any customization.

IIS Error - The requested page cannot be accessed - How to Fix

Each feature’s context menu also includes a Custom Site Delegation option that allows the settings to be changed per site (such as the Default Web Site). Pretty neat, isn’t it? Using the GUI is definitely more practical than manually editing the applicationHost.config file.

 

RELATED POSTS

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies.

View all posts by Ryan