IIS 6 Administration
|
|
Maintaining and troubleshooting IIS web servers requires detailed understanding of HTTP error messages, IIS logging, event lots, and other aspects of Windows Server 2003. This chapter covers these topics and also provides tips on troubleshooting different aspects of IIS operation.
HTTP Error Messages
HTTP error messages are a subset of more general messages called HTTP status codes. These status codes are returned in the response headers when a web browser requests a page from a web server, and every HTTP response includes one of these status codes whether the request is successful or not. Before we look at HTTP error codes, how they can be customized in IIS, and how they can be used for troubleshooting purposes, let’s first look at these status codes.
HTTP Status Codes
HTTP status codes are defined in the HTTP/1.1 specification, which is defined in RFC 2616. Full details of these codes can be found on the World Wide Web Consortium website at www.w3c.org; what follows here is only a brief summary.
HTTP status codes are three-digit numbers that are divided into five classes as shown in Table 13-1.
Code | Class | Description |
---|---|---|
1xx | Informational | Used for experimental purposes only. Not used by real-world web servers. |
2xx | Successful | Client request was successfully received and understood. |
3xx | Redirection | Client needs to take further action to fulfill the request. |
4xx | Client Error | An error has occurred at the client. |
5xx | Server Error | An error has occurred at the server. |
The following are a few examples of actual HTTP status codes for these different classes:
-
200 OK The client request has succeeded and contains the information requested by the client. For example, a web page is returned from the web server in response to an HTTP GET request by a client browser.
-
301 Moved Permanently The URL for this page has moved permanently, and the client is being automatically redirected to the new location.
-
403 Forbidden The server refuses to fulfill the request. This typically happens because the client cannot be authenticated by the server or has insufficient permissions to access the requested page.
-
500 Internal Server Error An unexpected condition has occurred on the server and it cannot fulfill the client’s request.
Viewing HTTP Status Codes
HTTP status codes are returned to the client by the server with every response sent, but they are normally only seen on the client when an error occurs, either on the client side (4xx error) or server side (5xx error). However, you can display the status code for any response by using Telnet as your client and entering the client’s HTTP headers manually. This makes Telnet a good tool for troubleshooting unusual problems with web servers, but it requires a good understanding of the syntax of HTTP headers.
As an example, let’s use Telnet to request the home page default.asp of an ASP application for the Default Web Site of an IIS server that has an IP address of 172.16.11.210. If you need to review how to use the Telnet client on the Windows Server 2003 platform, turn back to Chapter 11, “Working from the Command Line.”
Start by opening a command prompt on another Windows machine on your network. Type telnet and press ENTER to start the Telnet client. When using Telnet to send HTTP headers directly to the web server, it will help if you turn on Local Echo so that you can see the headers you type. To do this at the Telnet prompt, type set LOCAL_ECHO and press ENTER.
Now open a connection to the web server on port 80 by typing open 172.16.11.210 80 and pressing ENTER. The command-prompt window should go blank once the connection has been established with the web server because the web server is now waiting for you to enter your HTTP request.
Now type the following:
GET /default.asp HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 Host: 172.16.11.210
Note the blank line at the end—this is important because it indicates to the server that your HTTP request is finished and can now be processed. The lines of this request are interpreted as follows:
-
Line 1 The client is requesting the file default.asp located in the root directory of the requested web (host). The client also informs the server that it supports version 1.1 of the HTTP protocol.
-
Line 2 The client will accept any MIME types from the server. If the client wanted to be more specific, it could provide a list of MIME types it can understand, such as text/html, image/gif, and so on, but */* is easier to use here unless you’re troubleshooting MIME-type issues.
-
Line 3 The client is compatible with the Mozilla/4.0 web browser standard. Version 4 and higher of Internet Explorer comply with this standard. You could be more specific and add information indicating exactly what version of IE the client is using, but that’s superfluous unless you’re troubleshooting version-related client problems.
-
Line 4 The client is requesting the website listening at 172.16.11.210, which in this example is the Default Web Site on the IIS machine.
-
Line 5 The blank line at the end signals to the client that all the headers of the HTTP request have been submitted, and the server should now attempt to process the request.
Here’s a typical response from the server:
HTTP/1.1 200 OK Date: Wed, 15 Jan 2003 21:08:38 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 277 Content-Type: text/html Set-Cookie: ASPSESSIONIDQSQRBBAR=MIANHFOCCKHOOIMJDPINGBLC; path=/ Cache-control: private <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>My First ASP Page</title> </head> <body> Hello World! The current date and time are: 1/15/2003 3:08:38 PM.<BR>The result of our calculation is: 210 </body> </html> Connection to host lost. Press any key to continue...
Note the status code of 200 in the first line of the response generated by the server. This indicates that the request was successful and is being fulfilled by the server in the remaining lines of the response. The lines beginning <html> are the HTML code for the requested file, which are generated dynamically by the ASP application.
Notice also that at the end of the response the server terminates the TCP connection with the client. You can instead keep the connection open at the end by adding the following line to your request headers immediately after the Host line:
Connection: Keep-Alive
Another useful tool for troubleshooting HTTP connections is Wfetch.exe, which can be used to display the headers in HTTP Request and HTTP Response packets sent between web browsers and web servers. Wfetch.exe can be downloaded for free from Microsoft's website. Its operation is explained in Knowledge Base article 284285 on the Microsoft Product Support Services (PSS) website at support .microsoft.com.
This takes advantage of the support for HTTP 1.1 Keep-Alives by IIS 6 and makes communications between the client and server more efficient by reducing the overhead of creating and tearing down TCP sessions for each request.
One more example, this time of a bad request and the resulting response:
GET /default.asp HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 HTTP/1.1 400 Bad Request Content-Type: text/html Date: Wed, 15 Jan 2003 21:39:48 GMT Connection: close Content-Length: 39 <h1>Bad Request (Invalid Hostname)</h1>
This time you left out the header specifying the name or IP address of the host (website) where the requested page resides, and the web server responds with an “HTTP 400—Bad Request” status code. IIS also returns additional information indicating that the problem was an Invalid Hostname, which is helpful.
Tip | You can find more about HTTP headers in the HTTP/1.1 specification referred to at the beginning of this section. Another useful tool is Network Monitor, an optional component of Windows Server 2003 that can be used for capturing HTTP traffic and studying it. |
Common HTTP Error Messages
It’s important to have a thorough knowledge of HTTP error messages and their status codes for troubleshooting problems with IIS, so I’ll summarize some of the more common ones you will encounter. First, client (4xx) errors:
-
400 Bad Request The server can’t understand the request, usually because the syntax of the URL is wrong.
-
401 Unauthorized The request requires authorization of the user’s credentials, and the credentials offered are not accepted.
-
403 Forbidden The server refuses to fulfill the client’s request for various reasons, even though the client’s credentials may have been successfully authenticated.
-
404 Not Found The server doesn’t have the requested file or it’s located in a directory path that the client has not specified properly.
-
405 Method Not Allowed The client issued an HTTP GET request for a file that requires an HTTP POST request, or something similar.
-
406 Not Acceptable The client has sent the server a list of supported MIME types in the request headers, but the file requested is of a type not supported by the client and won’t be sent.
-
407 Proxy Authentication Required Similar to 401 Unauthorized, but indicates the client must first authenticate itself with the proxy server before the web server can respond.
-
410 Gone The requested file is no longer present on the server, and the server has no knowledge of where it now resides. (If the server knew its new location, it could automatically redirect the client to the new location using a 301 or 307 status code in its response.)
The list of common server (5xx) errors is smaller:
-
500 Internal Server Error Something has gone wrong on the server (this message can mean a lot of different things).
-
501 Not Implemented The client is requesting the server use an HTTP method that it currently does not have implemented.
-
502 Bad Gateway The server is acting as a gateway for another server upstream from it, and the upstream server has sent an invalid response.
-
503 Service Unavailable The client is requesting a service that the server is currently unable to provide.
Substatus Error Codes
Many HTTP 4xx and 5xx status codes aren’t very informative. For example, 500 Internal Server Error doesn’t tell the client anything at all about why the server didn’t return the desired response. To make it easier to troubleshoot connection problems between web browsers and IIS, Microsoft has extended the industry-standard HTTP status codes with a more granular set of proprietary substatus error codes. For example,
500.13 Internet Server Error - Server Too Busy
indicates that the server is too busy to respond to the client’s request, because of bandwidth throttling, connection limits, or some other condition.
Table 13-2 shows a comprehensive list of HTTP error messages with substatus codes that are used by the IIS 6 platform.
Status Code | Substatus Code | Default Error Message |
---|---|---|
400 | None | Bad Request |
401 | 1 | Unauthorized—Logon failed |
2 | Unauthorized—Logon failed due to server configuration | |
3 | Unauthorized—Unauthorized due to ACL on resource | |
4 | Unauthorized—Authorization failed by filter | |
5 | Unauthorized—Authorization failed by ISAPI/CGI app | |
7 | Unauthorized—Denied due to URL Authorization policy | |
403 | 1 | Forbidden—Execute access denied |
2 | Forbidden—Read access denied | |
3 | Forbidden—Write access denied | |
4 | Forbidden—SSL required | |
5 | Forbidden—SSL 128 required | |
6 | Forbidden—IP address rejected | |
7 | Forbidden—Client certificate required | |
8 | Forbidden—Site access denied | |
9 | Forbidden—Too many users | |
10 | Forbidden—Invalid configuration | |
11 | Forbidden—Password change | |
12 | Forbidden—Mapper access denied | |
13 | Forbidden—Client certificate revoked | |
14 | Forbidden—Directory listing denied | |
15 | Forbidden—Client Access Licenses exceeded | |
16 | Forbidden—Client certificate untrusted or ill-formed | |
17 | Forbidden—Client certificate has expired or is not yet valid | |
18 | Forbidden—Cannot execute request from this application pool | |
19 | Forbidden—CGI access denied | |
20 | Forbidden—Passport login failed | |
404 | None | Not Found |
2 | Not Found—Denied due to Lockdown Policy | |
3 | Not Found—Denied due to MIMEMAP Policy | |
405 | None | Method Not Allowed |
406 | None | Not Acceptable |
407 | None | Proxy Authentication Required |
412 | None | Precondition Failed |
414 | None | Request—URI too long |
415 | None | Unsupported Media Type |
500 | None | Internal Server Error |
12 | Internal Server Error—Application restarting | |
13 | Internal Server Error—Server too busy | |
15 | Internal Server Error—Direct requests for GLOBAL.ASA forbidden | |
16 | Internal Server Error—UNC access error | |
17 | Internal Server Error—URL Authorization store not found | |
18 | Internal Server Error—URL Authorization store cannot be opened | |
19 | Internal Server Error—Bad file metadata | |
100 | Internal Server Error—ASP error | |
501 | None | Not Implemented |
502 | None | Bad Gateway |
503 | None | Service Unavailable |
Custom HTTP Error Messages
In its default out-of-the-box configuration, IIS returns only the following default HTTP errors:
-
403;14 Forbidden—Directory listing denied
-
500 Internal Server Error
-
500;100 Internal Server Error—ASP error
-
501 Not Implemented
-
502 Bad Gateway
For all other HTTP errors, IIS returns a custom error message instead of the default messages shown in Table 13-2. These custom error messages have two advantages over the default ones:
-
They are more informative and often provide tips on what might have gone wrong and how to troubleshoot the problem.
-
They can be customized by the IIS administrator, for example, by adding a company logo and Help Desk phone number for users to contact.
To customize HTTP error messages in IIS, right-click the Web Sites node in IIS Manager and select Properties. Then select the Custom Errors tab (Figure 13-1).
The Custom Errors tab displays a list of HTTP errors used by IIS. By default, most of these are custom error messages that are implemented as HTML pages stored in the \Windows\Help\IISHelp\Common directory. By editing these HTML files with Notepad (if you know HTML) or Microsoft FrontPage (or some similar editor), you can customize them to meet the needs of your organization.
Note | The location of custom error message files has changed from IIS 5 to this new version of IIS. |
If you prefer that default (HTTP/1.1 standard) error messages are returned to users instead of the “friendly” custom ones used by IIS, you can configure IIS to do this by selecting an error message from the list on the Custom Errors tab and clicking the Default button. This will cause IIS to send the default message for that error condition instead of the more detailed custom one. If you wish your server to return only default HTTP error messages, hold down the SHIFT key, select all of the message from the list, and click Default.
Another option for error messages is to redirect the user to a URL pointing to a different site or server when an error condition arises. To do this, select an error message from the list and click Edit. This opens the Edit Custom Error Properties for the particular error message you’ve selected (Figure 13-2).
By using the Message Type list box on this properties sheet you can select any of three ways for implementing this error message:
-
Default Uses the standard HTTP/1.1 error message, short and terse.
-
File Uses a custom error message implemented by an HTML file.
-
URL Redirects to a URL where the error message resides.
Note Configuring the Custom Errors tab obeys the usual IIS feature of inheritance of properties sheets settings. In other words, configuring this at the Web Sites level causes the configuration to be inherited by all websites, virtual directories, and files under it. You can configure Custom Errors at the global (Web Sites), site, directory, and file level.
Examples of Custom and Default Messages
To see how the user will experience the difference between friendly HTTP error messages and the default ones, try this. Create a default.htm page and place it in the home directory of a website on your IIS machine. Open the URL for the site (for example, using its IP address) in Internet Explorer to verify that the page displays properly. Now open the properties sheet for the default.htm page in IIS Manager, select the File tab, clear the Read check box to deny Read access to the page, and click Apply. Try to open the page again in IE, and you should get the custom 403.2 error message shown in Figure 13-3.
Now switch to the Custom Errors tab of the properties sheet for the default.htm file, select the 403.2 error message in the list box, click Default to change from custom to default message for this error, and click Apply. Refresh your browser window, and you will now get the considerably less verbose error message shown in Figure 13-4.
Custom HTTP Error Messages In Detail
Some of the error messages shown in Table 13-2 are fairly self-explanatory, but others are somewhat obscure, and it’s not always clear what steps could be taken to troubleshoot the condition that produced them. To help you use IIS friendly error messages for troubleshooting purposes, the following subsections summarize the important content displayed by each of these messages. This information is not included in the Help file for IIS, so it’s useful to include it here. A couple of things to note about this reference section:
-
The first error listed is the generic “The page cannot be displayed” error that can appear when IIS is misconfigured in certain ways or when Internet Explorer tries to access a site that doesn’t exist. This error is not accompanied by an HTTP status code.
-
In addition to the text of the various IIS custom errors listed in these sections, I’ve added “Additional Troubleshooting Tips” at the end of some of these subsections to help you determine what might have generated the error.
IIS sometimes returns generic error messages (messages without substatus codes) when it responds to certain error conditions. For example, when a client tries to access a file that has a file extension that is not in the MIME map for the web server, you would expect a 404.3 Not Found—Denied due to MIMEMAP Policy error to be returned to the client, but instead IIS returns a standard 404 Not Found error. This is a security measure to reduce the attack surface on the web server by preventing malicious users from gaining knowledge about the server’s configuration from detailed error messages.
So what use are custom error messages if they are sometimes (as in the case of 404.2 and 404.3, for example) replaced by generic ones instead? The answer is that when IIS returns an HTTP error message to the client, it also logs the error in the web logs for the site (if web logging is enabled and W3C Extended Logging is being used), and substatus codes like 404.3 are included in these logs to provide administrators with full details about such events. I’ll talk about web logging in the section “Web Logging.”
The Page Cannot Be Displayed
The page you are looking for is currently unavailable.
Please try the following:
-
Click the Refresh button, or try again later.
-
If you typed the page address in the Address bar, make sure that it is spelled correctly.
-
To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
-
If your Network Administrator has enabled it, Microsoft Windows can examine your network and automatically discover network connection settings. If you would like Windows to try and discover them, click Detect Network Settings.
-
Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
-
If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
-
Click the Back button to try another link.
Cannot Find Server or DNS Error
Additional Troubleshooting Tips:
-
This error typically occurs when the client spells the domain name of the website incorrectly in the requested URL.
-
This error can also occur when the port number of the website has been changed from its standard setting of port 80 to some nonstandard port number, and the client, being unaware of this change, tries to access the site using the default port number (which it always does when the URL contains no explicit port number).
-
This error can also occur if the website has been paused or stopped for maintenance by the administrator.
400 Bad Request
The page that you are looking for might have been removed, had its name changed, had its content expired, or be temporarily unavailable.
Please try the following:
-
Make sure that the website address displayed in the Address bar of your browser is spelled and formatted correctly.
-
If you reached this page by clicking a link, contact the website administrator to alert them that the link is incorrectly formatted.
-
Click the Back button or open the home page for this website and look for other links to the information that you want.
HTTP Error 400—Request is badly formed.
Additional Troubleshooting Tips
-
When this request is returned, a simple “Bad Requests (explanation)” page is returned to the client instead of the friendly (custom) HTTP error message configured for IIS for this error.
-
Usually this is caused by a problem with the client. Web browsers like Internet Explorer can often detect a problem with URL syntax and automatically fix it before submitting the request to the web server, and problems with mistyped URLs usually result in “404 File Not Found” errors instead of a 400 error. However, if you use Telnet as a client for troubleshooting IIS and don’t type the HTTP headers exactly as required, 400 errors will result.
-
On some web servers, using spaces in URLs can generate 400 errors, but Internet Explorer automatically substitutes “%20” for spaces typed in URLs and 404 errors generally result.
-
This error can also result when the Default Web Site has its IP address changed from All Unassigned to an address that is not the address shown on the TCP/IP properties sheet, but is instead one of the additional addresses shown on the IP Settings tab of the Advanced TCP/IP properties sheet. This means, of course, that the IIS machine has multiple IP addresses assigned to it. The error returned in this case is “Bad Request (Invalid Hostname).”
401 You Are Not Authorized to View This Page
You do not have permission to view this directory or page using the credentials that you supplied.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401—Unauthorized: Access is denied due to invalid credentials.
Additional Troubleshooting Tips
-
This message will also be returned if the credentials submitted are for a nonexistent user account.
-
If mappings are configured between .NET Passports and user accounts in Active Directory, this error will be returned if a mapping fails.
401.1 You Are Not Authorized to View This Page
Same as the preceding 401 error.
401.2 You Are Not Authorized to View This Page
You do not have permission to view this directory or page using the credentials that you supplied because your web browser is sending a WWW-Authenticate header field that the web server is not configured to accept.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401.2—Unauthorized: Access is denied due to server configuration.
Additional Troubleshooting Tips
-
This error occurs when trying to access a remote virtual directory with the wrong credentials. It only works for authentication schemes that support delegation of credentials for authentication. Integrated Windows Authentication does not support such delegation.
-
This error will also be returned if no authentication methods are configured for the site being accessed.
401.3 You Are Not Authorized to View This Page
You do not have permission to view this directory or page due to the access control list (ACL) that is configured for this resource on the web server.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401.3—Unauthorized: Access is denied due to an ACL set on the requested resource.
Additional Troubleshooting Tips
-
This error usually means NTFS permissions are set incorrectly on the requested file.
401.4 You Are Not Authorized to View This Page
You might not have permission to view this directory or page using the credentials that you supplied. The web server has a filter installed to verify users connecting to the server and it failed to authenticate your credentials.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401.4—Unauthorized: Authorization failed by filter installed on the web server.
401.5 You Are Not Authorized to View This Page
The URL you attempted to reach has an ISAPI or CGI application installed that verifies user credentials before proceeding. This application cannot verify your credentials.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401.5—Unauthorized: Authorization failed by an ISAPI/CGI application.
401.6 You Are Not Authorized to View This Page
The credentials that you supplied for this URL cannot be verified at this time because the authorization scope associated with the URL cannot be found on the web server.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401.6—Unauthorized: URL authorization scope was not found on the server.
401.7 You Are Not Authorized to View This Page
You do not have permission to view this directory or page due to the URL Authorization policy set on the web server.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 401.7—Unauthorized: Access denied by URL authorization policy on the web server.
403 You Are Not Authorized to View This Page
You do not have permission to view this directory or page using the credentials that you supplied.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 403—Forbidden: Access is denied.
Additional troubleshooting tips
-
This error will be returned if a client tries to directly access ASP.NET configuration files such as machine.config. This is to prevent users from accessing sensitive information stored within these files.
-
This error will also occur if there are no authentication methods configured for a site.
403.1 The page cannot be displayed
You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed.
Please try the following:
-
Contact the website administrator if you believe this directory should allow execute access.
HTTP Error 403.1—Forbidden: Execute access is denied.
Additional Troubleshooting Tips
-
Check the Execute Permissions on the Home Directory tab for your site to make sure they are configured properly. CGI and ISAPI applications generally require this property set to Scripts and Executables, while ASP applications need it set to Scripts Only instead.
403.2 The Page Cannot Be Displayed
There is a problem with the page you are looking for and it cannot be displayed. This error can occur if you are trying to display an HTML page that resides in a directory that is configured to allow Execute or Script permissions only.
Please try the following:
-
Contact the website administrator if you believe this directory should allow Read access.
HTTP Error 403.2—Forbidden: Read access is denied.
Additional Troubleshooting Tips
-
Check the Home Directory tab for the website to make sure Read permission is enabled. Also, if necessary, check the Virtual Directory tab for a file within a virtual directory and the File tab for the file itself for the same setting, in case web permissions were configured at a lower level, overriding site level settings.
403.3 The Page Cannot Be Saved
There is a problem saving the page to the website. This error can occur if you attempt to upload a file or modify a file in a directory that does not allow Write access.
Please try the following:
-
Contact the website administrator if you believe this directory should allow Write access.
HTTP Error 403.3—Forbidden: Write access is denied.
Additional Troubleshooting Tips
-
This error can occur when using WebDAV or FrontPage to upload pages to a site if permissions are set incorrectly for the site.
-
It can also occur when trying to upload files to FTP sites when Write permission is disabled for the site.
403.4 The Page Must Be Viewed over a Secure Channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
Please try the following:
-
Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4—Forbidden: SSL is required to view this resource.
403.5 The Page Must Be Viewed with a High-Security Web Browser
The resource you are trying to access is secured with a 128-bit version of Secure Sockets Layer (SSL). In order to view this resource, you need a browser that supports this version of SSL.
Please try the following:
-
Contact the website administrator if your web browser does support 128-bit encryption, or if you believe you should be able to view this directory or page.
-
Upgrade your web browser to a version that supports 128-bit encryption.
HTTP Error 403.5—Forbidden: SSL 128 is required to view this resource.
403.6 You Are Not Authorized to View This Page
The web server you are attempting to reach has a list of IP addresses that are not allowed to access the website, and the IP address of your browsing computer is on this list.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
HTTP Error 403.6—Forbidden: IP address of the client has been rejected.
Additional Troubleshooting Tips
-
Check the IP Address and Domain Name Restrictions list on the Directory Security tab for the site to make sure the client’s IP address is not blocked from accessing the site.
403.7 The Page Requires a Client Certificate
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the web server will recognize. The client certificate is used for identifying you as a valid user of the resource.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page without a client certificate, or to obtain a client certificate.
-
If you already have a client certificate, use your web browser’s security features to ensure that your client certificate is installed properly. (Some web browsers refer to client certificates as browser or personal certificates.)
HTTP Error 403.7—Forbidden: SSL client certificate is required.
403.8 You Are Not Authorized to View This Page
The web server you are attempting to reach has a list of DNS names that are not allowed to access this website, and the DNS name of your browsing computer is on this list.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
HTTP Error 403.8—Forbidden: DNS name of the client is rejected.
Additional Troubleshooting Tips
Check the IP Address and Domain Name Restrictions list on the Directory Security tab for the site to make sure the client’s DNS domain name is not blocked from accessing the site.
403.9 The Page Cannot Be Displayed
The web server is too busy to process your request at this time.
Please try the following:
-
Click the Refresh button, or try again later.
HTTP Error 403.9—Forbidden: Too many clients are trying to connect to the Web server.
Additional Troubleshooting Tips
This error will be returned if Connection Limits has been enabled and configured globally for the web server, and the configured limit has been exceeded by the client’s request. This will occur regardless of the Connection Limits configured for individual sites on the server.
403.10 You Are Not Authorized to View This Page
You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed.
Please try the following:
-
Contact the website administrator if you believe this directory should allow execute access.
HTTP Error 403.10—Forbidden: Web server is configured to deny Execute access.
403.11 You Are Not Authorized to View This Page
You do not have permission to view this directory or page using the credentials that you supplied.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try again with different credentials.
HTTP Error 403.11—Forbidden: Password has been changed.
403.12 The Requested Page Requires a Valid SSL Client Certificate
The account to which your client certificate is mapped on the web server has been denied access to this website. A Secure Sockets Layer (SSL) client certificate is used for identifying you as a valid user of the resource.
Please try the following:
-
Contact the website administrator to establish client certificate permissions.
-
If you already have a valid client certificate, use your web browser’s security features to ensure that your client certificate is installed properly. (Some web browsers refer to client certificates as browser or personal certificates.)
-
Change your client certificate and click the Refresh button, if appropriate.
HTTP Error 403.12—Forbidden: Client certificate is denied access by the server certificate mapper.
403.13 The Page Requires a Valid SSL Client Certificate
Your client certificate was revoked, or the revocation status could not be determined. A Secure Sockets Layer (SSL) client certificate is used for identifying you as a valid user of the resource.
Please try the following:
-
Contact the website administrator to establish client certificate permissions or to obtain a new certificate.
HTTP Error 403.13—Forbidden: Client certificate has been revoked on the web server.
403.14 Directory Listing Is Denied
The web server is configured not to display a list of the contents of this directory.
Please try the following:
-
Contact the website administrator if you believe this directory should allow browsers to display a list of its contents.
HTTP Error 403.14—Forbidden: Directory listing denied.
Additional Troubleshooting Tips
This error commonly occurs when there is no default document and the Directory Browsing setting has not been enabled on the Home Directory tab for the site. If you enable Directory Browsing, you must also enable Read web permission on the same tab or a “403.2 Forbidden—Read Access Is Denied” error will be returned.
403.15 The Page Cannot Be Displayed
There are too many people accessing the website at this time. The web server has exceeded its Client Access License limit.
Please try the following:
-
Click the Refresh button, or try again later.
HTTP Error 403.15—Forbidden: Client access licenses have exceeded limits on the Web server.
403.16 The Page Requires a Valid SSL Client Certificate
Your client certificate is untrusted or invalid. A Secure Sockets Layer (SSL) client certificate is used for identifying you as a valid user of the resource.
Please try the following:
-
Contact the site administrator to establish client certificate permissions.
-
If you already have a valid client certificate, use your web browser’s security features to ensure that your client certificate is installed properly. (Some web browsers refer to client certificates as browser or personal certificates.)
-
Change your client certificate and click the Refresh button, if appropriate.
HTTP Error 403.16—Forbidden: Client certificate is ill-formed or is not trusted by the Web server.
403.17 The Page Requires a Valid SSL Client Certificate
Your client certificate has expired or is not yet valid. A Secure Sockets Layer (SSL) client certificate is used for identifying you as a valid user of the resource.
Please try the following:
-
Contact the site administrator to establish client certificate permissions.
-
If you already have a valid client certificate, use your web browser’s security features to ensure that your client certificate is installed properly. (Some web browsers refer to client certificates as browser or personal certificates.)
-
Change your client certificate and click the Refresh button, if appropriate.
HTTP Error 403.17—Forbidden: Client certificate has expired or is not yet valid.
403.18 Cannot Execute Request from the Current Application Pool
The specified request cannot be executed in the application pool that is configured for this resource on the web server.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
HTTP Error 403.18—Forbidden: Cannot execute requested URL in the current application pool.
403.19 Cannot Execute CGI Applications in the Current Application Pool on the Web Server
The configured user for this application pool does not have sufficient privileges to execute CGI applications.
Please try the following:
-
Contact the website administrator if you believe you should be able to execute CGI applications.
HTTP Error 403.19—Forbidden: Cannot execute CGIs for the client in this application pool.
403.20 Passport Login Failed
The Passport logon server returned an error to the website during logon.
Please try the following:
-
Contact the website administrator if you believe you should be able to view this directory or page.
-
Click the Refresh button to try to login again via Passport.
HTTP Error 403.20—Forbidden: Passport logon failed.
404 The Page Cannot Be Found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Please try the following:
-
Make sure that the website address displayed in the address bar of your browser is spelled and formatted correctly.
-
If you reached this page by clicking a link, contact the website administrator to alert them that the link is incorrectly formatted.
-
Click the Back button to try another link.
HTTP Error 404—File or directory not found.
404.1 The Website Cannot Be Found
The website you are trying to access has an IP address that is configured not to accept requests that specify a port number.
Please try the following:
-
Make sure that the website address displayed in the address bar of your browser is spelled and formatted correctly.
-
If you reached this page by clicking a link, contact the website administrator to alert them that the link is incorrectly formatted.
-
Click the Back button to try another link.
HTTP Error 404.1—File or directory not found: website not accessible on the requested port.
Additional Troubleshooting Tips
-
This error is returned only when the IIS machine has multiple IP addresses and the client is requesting a URL for an IP address that is not used by IIS. For example, if the machine has addresses 172.16.11.210 and 172.16.11.211 and the Default Web Site is specifically assigned the first address and is the only website on the machine, then a request for the URL http://172.16.11.211 will return a 404.1 error. The client receives a generic 404 error in this case; but if W3C Extended Logging is configured on the server, a 404.1 event will be logged accordingly.
404.2 The Page Cannot Be Found
The page you are requesting cannot be served due to the web service extensions that are configured on the web server.
Please try the following:
-
Contact the website administrator to alert them that they have not enabled the necessary web service extensions.
HTTP Error 404.2—File or directory not found: Lockdown policy prevents this request.
Additional Troubleshooting Tips
-
This error commonly occurs when the necessary web service extensions have not been enabled for a web application. This includes ASP, ASP.NET, ISAPI, and CGI apps. It can also occur if a client tries to access an application that uses server-side includes, tries to upload files using WebDAV, or tries to manage content on a site using FrontPage Extensions if these features have not been enabled on the server.
-
If you have a CGI app and have enabled web service extensions for them (or for “all unknown CGI extensions”) but have not assigned the user account under which the CGI app runs the proper rights, this error will be returned. To assign an account for CGI the proper rights, make it a member of the IIS_WPG group on the server and assign it the “adjust memory quotas for a process” and “replace a process level token” user rights.
-
If you have an application extension that is not mapped in IIS, client requests for this application will return this error. To map an application extension for an application, open the properties sheet for the website where the application resides, select the Home Directory tab, click Configuration, select the Mappings tab, and click Add. Refer back to Chapter 8, “Creating and Configuring Applications,” for more information.
404.3 The Page Cannot Be Found
The page you are requesting cannot be served due to the Multipurpose Internet Mail Extensions (MIME) map policy that is configured on the web server. The page you requested has a filename extension that is not recognized, and is therefore not allowed.
Please try the following:
-
Contact the website administrator to alert them that they have not enabled the necessary file extensions through their MIME map policy.
HTTP Error 404.3—File or directory not found: MIME map policy prevents this request.
Additional Troubleshooting Tips
-
This error typically occurs when a client tries to request a static file whose filename extension is not defined in the MIME map for the site or server. Adding a wildcard MIME map will prevent these errors from happening, but this is not recommended for security reasons.
405 The Page Cannot Be Displayed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) was used to attempt access.
Please try the following:
-
Contact the website administrator if you believe that this request should be allowed.
-
Make sure that the website address displayed in the address bar of your browser is spelled and formatted correctly.
HTTP Error 405—The HTTP verb used to access this page is not allowed.
406 The Resource Cannot Be Displayed
The page you are looking for cannot be opened by your browser because it has a filename extension that your browser does not accept.
Please try the following:
-
Change the Multipurpose Internet Mail Extensions (MIME) or security settings of your browser to accept the filename extension of the requested page. Your browser might currently be configured in a highly secure mode that protects your computer. Please read the Help for your browser before changing any settings.
HTTP Error 406—Client browser does not accept the MIME type of the requested page.
407 Proxy Authentication Required
You must be authenticated by a proxy server before the web server can execute your request.
Please try the following:
-
Log on to your proxy server and try again.
-
Contact the proxy server administrator if you believe you should be able to view this directory or page.
HTTP Error 407—Initial proxy authentication required by the web server.
410 The Page Does Not Exist
The page you are looking for has been removed.
Please try the following:
-
Navigate to the home page for this website and look for links to the information that you want.
HTTP Error 410—File has been removed.
412 The Page Cannot Be Displayed
The request was not completed due to preconditions that are set in the request header. Preconditions prevent the requested method from being applied to a resource other than the one intended. An example of a precondition is testing for expired content in the page cache of the client.
Please try the following:
-
Navigate to the home page for this website and look for links to the information that you want.
-
Use your web browser’s tools to delete cached pages and then click the Refresh button to try again.
HTTP Error 412—Precondition failed.
414 The Page Cannot Be Displayed
The web server is refusing to service the request because the requested URL address is too long. This condition might occur if the client has encountered a redirection problem (for example, a redirected URL prefix that points to a suffix of itself), or the client has improperly converted a POST request to a GET request with long query information, or the web server is under attack by the client.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
-
Make sure that the website address displayed in the address bar of your browser is spelled and formatted correctly.
HTTP Error 414—The Request-URI is too large.
415 The Page Cannot Be Returned
The web server cannot service the request because the requested file is in a format that the server is configured not to download.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this file type.
HTTP 415—Unsupported Media Type.
500 The Page Cannot Be Displayed
There is a problem with the page you are looking for, and it cannot be displayed.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 500—Internal server error.
Additional Troubleshooting Tips
-
This error does not necessarily indicate that the worker process servicing the application pool where the application resides has become unhealthy.
500.11 The Page Cannot Be Displayed
The request cannot be processed because the website is shutting down.
Please try the following:
-
Click the Refresh button, or try again later.
-
If this error persists, contact the website administrator to inform them that this error continues to occur for this URL address.
HTTP Error 500.11—Server error: Application is shutting down on the Web server.
500.12 The Page Cannot Be Displayed
The request cannot be processed while the website is restarting.
Please try the following:
-
Click the Refresh button, or try again later.
-
If this error persists, contact the website administrator to inform them that this error continues to occur for this URL address.
HTTP Error 500.12—Server error: Application is busy restarting on the Web server.
500.13 The Page Cannot Be Displayed
The request cannot be processed at this time. The amount of traffic exceeds the website’s configured capacity.
Please try the following:
-
Click the Refresh button, or try again later.
-
If this error persists, contact the website administrator to inform them that this error continues to occur for this URL address.
HTTP Error 500.13—Server error: Web server is too busy.
Additional Troubleshooting Tips
-
This error will be returned if the client requests an ASP page but the queue is full (that is, the number of concurrent ASP requests exceeds the value defined in the metabase property AspRequestQueueMax). It can also occur if the number of concurrent ASP sessions with the server exceeds the value defined in the metabase property AspSessionMax.
500.14 The Page Cannot Be Displayed
The request cannot be processed due to application configuration errors on the web server.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 500.14—Server error: Invalid application configuration on the server.
500.15 The Page Cannot Be Displayed
GLOBAL.ASA is a special file that cannot be accessed directly by your browser.
Please try the following:
-
In the Address bar of your browser, delete “global.asa” from the end of URL address, and press ENTER.
-
If a link from another web page brought you to this page, contact the administrator of that website to inform them which page has the link.
HTTP Error 500.15—Server error: Direct requests for GLOBAL.ASA are not allowed.
500.16 The Page Cannot Be Displayed
The page you are requesting cannot be accessed due to UNC authorization settings that are configured incorrectly on the web server.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 500.16—Server error: UNC authorization credentials incorrect.
Additional Troubleshooting Tips
-
This error can occur if the client is trying to access a site whose directory is mapped to a remote share using a UNC path. It generally has to do with the credentials used to access the share and typically occurs when the user account is correct but the password is wrong.
500.17 The Page Cannot Be Displayed
The URL Authorization store for the page you requested cannot be found on the web server, therefore your credentials cannot be verified.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 500.17—Server error: URL authorization store cannot be found.
500.18 The Page Cannot Be Displayed
The URL Authorization store for the page you requested cannot be opened on the web server, therefore your credentials cannot be verified.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 500.18—Server error: URL authorization store cannot be opened.
500.19 The Page Cannot Be Displayed
The requested page cannot be accessed because the related configuration data for the page is invalid in the metabase on the web server.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 500.19—Server error: Data for this file is configured improperly in the metabase.
500.100 The Page Cannot Be Displayed
There is a problem with the page you are trying to reach and it cannot be displayed.
Please try the following:
-
Contact the website administrator to let them know that this error has occurred for this URL address.
HTTP 500.100—Internal server error: ASP error.
Technical Information (for support personnel)
-
Error Type: text_generated_here
-
Browser Type: text_generated_here
-
Page: text_generated_here
-
Time: text_generated_here
Note 500.100 errors are generated dynamically when ASP applications fail and include additional technical information as shown to help the developer troubleshoot what went wrong.
501 The Page Cannot Be Displayed
The page you are looking for cannot be displayed because a header value in the request does not match certain configuration settings on the web server. For example, a request header might specify a POST to a static file that cannot be posted to, or specify a Transfer-Encoding value that cannot make use of compression.
Please try the following:
-
Contact the website administrator to inform them that this error has occurred for this URL address.
Error 501—Method not implemented on the Web server.
502 The Page Cannot Be Displayed
There is a problem with the page you are looking for, and it cannot be displayed. When the web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
Please try the following:
-
Log on to your proxy server and try again.
-
Contact the website administrator to inform them that this error has occurred for this URL address.
HTTP Error 502—Web server received an invalid response while acting as a gateway or proxy server.
Another error that IIS might return on occasion is the HTTP 503 Service Unavailable error, which will be returned if the incoming client request exceeds the size of the application pool queue length. You can configure the queue length by right-clicking the Application Pools node and selecting Properties, choosing the Performance tab, selecting the check box to enable limiting the kernel request queue, and using the up and down arrows to specify the maximum number of queued requests to be permitted. If you clear the check box for limiting the kernel request queue, this error will never be returned, but then too many requests for applications in the pool may cause IIS to run out of memory.
Note that there is no way of customizing HTTP 503 errors in IIS 6; they are generated automatically by the server and provide no further information concerning what caused them. They are often related to problems with application pools, however; and in addition to the preceding scenario, they can be returned when an application pool is manually stopped by an administrator or automatically stopped and taken out of service because of rapid-fail protection being enabled.
Another situation where this error can be returned is if the maximum number of website connections has been limited to some value on the Performance tab instead of the default Unlimited Connections setting being used. If a client tries to access the site when the maximum number of connections has already been established with the server, a Service Unavailable message will be returned.
Finally, this error can be returned if a client tries to access the site while IIS is being restarted by the administrator. However, if IIS is still running but the requested website has been stopped or paused, a generic “Page Cannot Be Displayed” error message will be returned instead.
|
|