Search code examples
powershelliisweb-administration

FileLoad Exception when attempting to alter IIS site configurations through powershell

I'm trying to set up an installation PS script to handle the installation and configuration of two application pools/sites. The creation is handled correctly, and it adjusts the 32-bit applications property fine, but I hit the following error once I try to enable parent paths:

System.IO.FileLoadException: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

My code is below - assume all variables are initialized elsewhere. I've tried adding a -Location specification, to no avail. I've also tried changing the applicationHost.config settings to 'Allow' on the module front.

New-WebAppPool app1
New-WebAppPool app2 

#Creates a new webapplication under Default Web Sites
New-WebApplication -Name app1 -Site 'Default Web Site' -PhysicalPath $srcPath -ApplicationPool app1 
New-WebApplication -Name app2 -Site 'Default Web Site' -PhysicalPath $MCCPath -ApplicationPool app2 #ALT ID:001

Set-Location IIS:\;

#Sets app1's app pool to enable 32 bit.
Set-ItemProperty -Path IIS:\AppPools\app1 -Name enable32BitAppOnWin64 -Value true #ALT ID:001

#Sets ASP enable parent path to true (THIS is where it throws the error)
Set-WebConfigurationProperty -PSPath 'IIS:\Sites\Default Web Site\app1'  -Filter system.webServer/asp -Name enableParentPaths -Value $true #ALT ID:001
Set-WebConfigurationProperty -PSPath 'IIS:\Sites\Default Web Site\app2'  -Filter system.webServer/asp -Name enableParentPaths -Value $true #ALT ID:001
    
#Sets AnonymousAuthentication to use app pool identity
Set-WebConfigurationProperty -PSPath 'IIS:\Sites\Default Web Site\app1' -Filter System.WebServer/Security/Authentication/AnonymousAuthentication -Name username -Value "" -Location MyLocation #ALT ID:001
Set-WebConfigurationProperty -PSPath 'IIS:\Sites\Default Web Site\app2' -Filter System.WebServer/Security/Authentication/AnonymousAuthentication -Name username -Value "" -Location MyLocation #ALT ID:001

#Sets Windows AD user as pass thru within app pools
Set-ItemProperty -Path IIS:\AppPools\app1 -Name processModel -Value @{userName = "$usrName";password="$usrPswd";identitytype=3} #ALT ID:001
Set-ItemProperty -Path IIS:\AppPools\app2 -Name processModel -Value @{userName = "$usrName";password="$usrPswd";identitytype=3} #ALT ID:001

Edit: Got it. See answer.

Solution

  • In C:\Windows\System32\inetsrv\config, there is a config file titled 'applicationHost.config'. Within that, the .asp section's overrideModeDefault needs to be changed from "Deny" to "Allow". This resolved the issue.

    Now I just have to figure out how to get powershell to make THAT change. Changing the command to

    Set-WebConfigurationProperty -PSPath MACHINE/WEBROOT/APPHOST -Location 'Default Web Site/app2' -Filter System.WebServer/Security/Authentication/AnonymousAuthentication -Name username -Value ""  #ALT ID:001

    also did the trick.