IIS 7.5 and Tomcat Setup: Error 500.19

Question

I am setting up a 64-bit IIS 7.5 / Tomcat 7.0.26 server and I have received the following errors when I navigate to http://localhost -

Error Summary

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information

Module  IIS Web Core
Notification    BeginRequest
Handler Not yet determined
Error Code  0x80070021
Config Error    This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File \\?\C:\Folder\apache-tomcat-7.0.29\jk\web.config
Requested URL   http://localhost:80/jakarta/isapi_redirect.dll
Physical Path   C:\Folder\apache-tomcat-7.0.29\jk\isapi_redirect.dll
Logon Method    Not yet determined
Logon User  Not yet determined

Config Source (Line 4 is highlighted in red)

3:     <system.webServer>
4:         <handlers accessPolicy="Read, Execute, Script" />
5:     </system.webServer>

I'm guessing that the problem is that the web.config file (which is mentioned in the Config source error) is written incorrectly. Can anybody confirm this? I Haven't been able to find an sample web.config files to go off of.

I copied the entire jk folder (which includes the isapi_redirect.dll, isapi_redirect.properties, uriworkermap.properties, web.config and workers.properties) from another server that is working, however the configuration of that server is different, as it was originally set up to run Tomcat in a different way.

Answer 1

The clue to solving this is in the error message (IIS is really good at explaining 500.19 errors which is nice):

This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

What this is saying is that you can't specify a configuration section change (in this case <handlers accessPolicy="Read, Execute, Script"> in your web.config file.

You can resolve this by unlocking this section at the site level using the following command:

appcmd unlock config "[SITENAME]" -section:handlers /commit:apphost

Where [SITENAME] is the name of the site where your TomCat bits are installed.

You can also do this in IIS7's Management Console:

1. Navigate to the site and launch the Configuration Editor applet/feature:

   

2. In the Configuration Editor select system.webServer/handlers from the Section list box and ApplicationHost.config <location path="[SITENAME]" /> from the From: listbox then click Unlock Section:

   

The /commit:apphost switch in the command line version and the ApplicationHost.config <location path=... location in the GUI version ensures that this section is unlocked in IIS's applicationHost.config file rather than in your web.config. This means it's less likely to be undone by a slip of the keyboard when someone edits the web.config file`.

Under the bonnet what this adds is a <location> element that looks like:

<location path="[SITENAME]" overrideMode="Allow">
    <system.webServer>
        <handlers />
    </system.webServer>
</location>

However, before doing that I'd try removing the offending line in your web.config file first, but I suspect that isapi_redirect.dll needs to be executable.