IIS 7 and Above
Cannot read configuration file due to insufficient permissions HTTP E...
Last post Jan 30, 2011 11:31 AM by HCamper
Jan 28, 2011 09:48 AM|svibuk|LINK
in windows 7 which has asp.net application it was working fine , but by mistake i made some changes & i ge the below error
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Not yet determined
Cannot read configuration file due to insufficient permissions
but still the same error
Jan 28, 2011 01:16 PM|Hades666|LINK
The worker process identity (Your application Pool User) and/or the IIS_IUSRS group needs at least Read access to the directory as well as the web.config file.
After adding the rights for this user to the directory, let it inherit down to the web.config and try again. If you still experience the same access denied, then i would suggest running the
Process Monitor tool to trace the “Access Denied” error when accessing that file. You will be able to see who is trying to access it.
At that point you can grant the appropriate access to the folder/config file.
Jan 30, 2011 09:46 AM|topspy|LINK
You need to grant permissions on the entire CRM
directory, for asp.net application, network service this user should be included in permission setting.
Jan 30, 2011 11:31 AM|HCamper|LINK
Hello @ Topspy,
A correction to preserve security for the Web Server & System:
You should avoid granting "This,The User" as general,generic permissions
instead you grant rights to the "IUSR","IIS_USERS" at (ACLS),Server a limited level of rights of Read,Execute,List.
The "Network","Network Service" accounts should br added only if you have code that
requires the older model,mode of database access.
For this CRM situation you should only apply permissions
on a per directory level.
The "Admin" directories section of a CRM solution should have the least
number of generic permissions granted at tthe (ACLS),server to
prevent a brute force attack by a potential "Hacker"! The better permissions for the "Admin" section is
the "Administrator","Root","Authenticated User" acounts only!