Article ID: 934515 - View products that this article applies to.
Consider the following scenario:
HTTP Error 500.19 - Internal Server Error
Description: The requested page cannot be accessed because the related configuration data for the page is invalid.
Error Code: 0x8007052e
Module: IIS Web Core
Requested URL: URL
Physical Path: Physical_Path
Logon User: Not yet determined
Logon Method: Not yet determined
Handler: Not yet determined
Config Error: Cannot read configuration file
Config File: \\?\UNC\Configuration_File_Path
IIS 6.0 uses the hosting worker-process identity to connect to a remote directory. Then, IIS 6.0 authenticates the user against the remote directory. However, IIS 7.0 introduces delegation scenarios. In IIS 7.0, you can delegate Web-site settings and application-level settings to a Web.config file.
For pass-through authentication, the Web.config file is stored in a UNC directory. Therefore, the default-process identity in IIS 7.0 must examine the Web.config file first to determine whether any security-related settings must be applied before the authentication process starts. The default-process identity in IIS 7.0 does not have sufficient permissions to open the Web.config file. Therefore, the Web request is rejected.
If there is no Web.config file in the UNC directory, IIS 7.0 uses the rules that are defined for the parent directory. For the Web content to be served in this scenario, the worker-process identity must have access to the whole content directory. Otherwise, the Web request is rejected.
To resolve this behavior and to make sure that pass-through authentication works correctly, follow these steps:
To work around this behavior, configure the Web site to connect to the UNC directory by using a specific user account. When the Web site uses a specific user account, the worker process impersonates the specified user identity.
Contact us for more help
Connect with Answer Desk for expert help.