CMon 19.8 installed with IIS Web Server (all currently supported IIS versions for OS's that the CMon 19.8 supports, so that would be IIS versions 8.5, and 10.0) shows 'HTTP Error 500.19 - Internal Server Error, and Error Code 0x80070021', on load in your web browser for any page or link associated with the installed CMon; if this IIS related issue exists you will find you cannot get to the login page, or any CMon web page without it showing an error immediately. This has been seen after a fresh install of CMon 19.8.1325 only if during the install you chose IIS Web Server as the web server choice, and the installed OS is Server 2012 R2, 2016, 2019, or 2022.
If CMon 19.8 was installed with the IIS Web Server configuration option and when you load the 'NovaBACKUP CMon' shortcut your web browser displays a 'HTTP Error 500.19 - Internal Server Error', and Error Code 0x80070021, then this is a how-to resolve that issue. If you install CMon with IIS Web Server this issue can be seen where the CMon is unable to load even the log in / default web page. It is sometimes necessary to perform the resolution provided in this article on modern operating systems including Windows Server 2012 R2, 2016, 2019 and 2022. Note: An additional IIS Module and IIS Handler Mapping was added to the supplied web.config file starting in CMon 19.8, so this issue probably was not seen in older versions of CMon prior.
Video (hosted on YouTube), that shows this issue in real-time after performing a clean install of Server 2022 with IIS and IIS6 Compatibility, and then installing CMon 19.8.1325.1, and then attempting to load the NovaBACKUP CMon via website shortcut:
For this specific CMon website not able to load any web page issue, the full error is seen as:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x80070021
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File \\?\C:\inetpub\wwwroot\web.config
This is the 'HTTP Error 500.19 - Internal Server Error' error that you may see after installing CMon (normally this would be seen for a clean install where CMon was not in place prior on the same system):
The reason this issue is seen in CMon 19.8 installed with IIS (IIS versions 8.5 and 10.0 are confirmed) but was not seen prior in CMon 19.7 and older versions installed with the same IIS version(s), is likely due to one reason, an IIS 'WebDAV' Module was added in 19.8 in web.config, to resolve an issue found in CMon 19.8. CMon 19.7 and prior versions, had no Modules at all in the web.config file. That is likely what is causing this to be needed now, for the modules to be unlocked at the parent / root (machine level) for IIS configuration. Although why the delegation for Handler Mapping have to be set to Read/Write now as well as for Modules is still unknown, as 19.7 utilized the same ASP.NET Core Handler Mapping in its web.config, as 19.8 uses. Our thinking is that due to the 19.8 web.config containing both Handler Mappings AND a Module now, that having both of those items in web.config requires the unlocking of both items at the parent / root (machine level) for IIS configuration, where prior that was not required for CMon 19.7 and older.
In this Notepad++ session, the 19.8.1325 web.config file contents are seen in the top half, and in the bottom half, the 19.7.409 CMon web.config file contents are seen (the web.config file exists by default in C:\Program Files (x86)\NovaStor\NovaBACKUP Central Management Console\WebRoot\Web\, if IIS specified as the web server, which we recommend):
Note: I have added this bit of info to the KB article, just so you can see the difference if comparing the two web.config files, original 19.7 web.config versus new 19.8 web.config, for the file contents.
These are the IIS 'Feature Delegation' settings (they are the default delegation settings) in IIS Manager (IIS Manager 10.0 version), where the Handler Mappings and Modules items are set to Delegation are set to Read Only. This is what is not allowing the web.config file that comes with CMon 19.8 to process the single module and the single Handler Mapping that it contains to load CMon 19.8, and why you get the above 'HTTP Error 500.19 - Internal Server Error' which means
To resolve the issue there are two known methods of resolution to take here to fix this issue. Warning!: Both methods of resolution discussed may incur a potential security risk, as the workaround applies to all Web Sites hosted in IIS on the computer hosting CMon; please read the full warning at the bottom of this guide. The first may be the easiest to manage since it all done via the IIS Manager GUI. For this resolution method # 1, go to Start Menu and find 'IIS Manager' and load it, then go to the root level web server, right under 'Start Page', in this case that is the name of our computer where IIS is installed on 'QA-VMS-2022HV', and then double-click on 'Feature Delegation' and once the list of features are shown you can mark the two Handler Mappings and Modules items for Delegation setting as Read/Write:
Resolution method # 2 is that you can accomplish the same thing via an Admin Command Prompt, to unlock the modules and the handlers web server configuration settings at the parent / root (machine level) using these two commands:
The resolution method # 2 commands to issue via an Admin Command Prompt are:
1. Parent / root (machine level) configuration unlock for web site permission for modules and handlers items in IIS, run these two commands and the message on each should be that it unlocked the section:
%windir%/system32/inetsrv/appcmd.exe unlock config /section:system.webserver/modules
%windir%/system32/inetsrv/appcmd.exe unlock config /section:system.webserver/handlers
Other commands which may or may not work depending on the version of OS and IIS:
2. Unlock only a particular web site / web server that is hosted in IIS on this machine (requires the above parent / root
(machine level) configuration to be unlocked prior to using the custom delegation web site specific commands!):
In this case we unlock the configuration just for the "Default Web Site", if other web sites hosted in IIS, then they should
not be affected by the unlocked config (possibly to be less secure):
%windir%/system32/inetsrv/appcmd.exe unlock config "Default Web Site" /section:system.webserver/modules
%windir%/system32/inetsrv/appcmd.exe unlock config "Default Web Site" /section:system.webserver/handlers
3. To lock the configuration at the parent / root (machine level) level then you can utilize this command, but it has
been seen to break CMon 19.8+ versions immediately if you do lock at the root level like this:
%windir%/system32/inetsrv/appcmd.exe lock config /section:system.webserver/modules
%windir%/system32/inetsrv/appcmd.exe lock config /section:system.webserver/handlers
4. To lock the configuration per individual web site (if you have multiple sites) then you can utilize this command. However,
it has been seen to break CMon 19.8+ versions immediately if you in addition to this also lock at the root level (via the
above command):
%windir%/system32/inetsrv/appcmd.exe lock config "Default Web Site" /section:system.webserver/modules
%windir%/system32/inetsrv/appcmd.exe lock config "Default Web Site" /section:system.webserver/handlers
Note: It is unknown if the set of commands 2 through 4 can work, depending on the version of OS and version of IIS utilized, so best just to stay with utilizing the first set of commands in "1.", for this second resolution method, or utilize the first resolution method which was IIS Manager GUI.
Note: IIS 8.5 that comes with Server 2012 R2 also has the same issue described above with out of the box default OS and IIS settings, as seen here after a clean install of Server 2012 R2 and IIS Web Server component, prior to performing any Windows Updates, which means is likely the same issue will occur with installing CMon 19.8 without changing delegation permissions from Read Only to Read/Write at the parent / root (machine level) for CMon web pages to be able to load. This issue has been confirmed to also affect Server 2012 R2 with IIS 8.5, no Windows Updates, for a fresh install of CMon 19.8 or an upgrade from a working CMon 19.7 install results in the error below. It is suspected that this issue will affect all supported OS and IIS versions that CMon 19.8 currently supports, and since the internal stand-alone web server is no longer supported, you are required to utilize IIS for the web server now (the oldest supported OS is Server 2012, which comes with IIS 8.0, as seen in the NovaBACKUP 19.8 System Requirements document, in the CMon section):
The two highlighted IIS 8.5 Feature Delegation settings, seen in IIS Manager app, which are set to Read Only by default in IIS 8.5 (as well as in IIS 10.0 and 8.0 it seems after much testing), are required to be set to Read/Write, which either of the two workaround methods detailed in this how-to guide show you how to set, one easy method is to right-click on each of the two items and set them to Read/Write via IIS Manager, and then reload the CMon web page in your browser:
WARNING!: Both workaround resolution methods discussed may incur a potential security risk, as the workaround applies to all Web Sites hosted in IIS on the computer hosting CMon;. The unlock at the parent / root level needs to be kept in place and cannot be set per hosted website and then locked again at the parent / root level (the later breaks CMon), from what we can see so far in testing all of the commands noted in workaround # 2. Implementing the unlock for system.webserver/handlers and system.webserver/modules at the parent / root (machine level), which both workarounds do, could open a security risk as it affect every web site hosted in IIS on the machine in question. There must have been a reason why Microsoft chose to lock the configuration at the parent / root (machine level) at least for Server 2019 and 2022 with IIS 10.0. It may be that unlocking the root (machine level) IIS configuration for system.webserver/handlers and system.webserver/modules like both of the workarounds in this guide would implement and require to have in place for the CMon website to load. For future releases of CMon, we will also look into other methods that would work.