Error on IIS 7.5: in test connection settings, "Invalid Application Path"

Babak Sekandari
Babak Sekandari used Ask the Experts™
on
I am getting the following error,
"There was an error while performing this operation. Details: Invalid application path"
when I click "Test Settings" on the "Basic Settings" in an IIS Web Site's application's Actions section. The Web Site itself doesn't get that error.
This is a Windows 2008 r2 server Version 6.1, Build 7601: Service Pack 1.
It is running IIS 7.5.7600.16385 (Yes, I know. But I have no choice.)

There was an application called SSI running a website called SSL that a vendor had setup on one of our servers. My company purchased the application and for reasons to lengthy, we have to setup the SSI application under a different Web Site.

I setup the new web site, EndCourseSurvey. (I'm a developer, not a server admin.)
  • The site bindings are https with IP addresses All Unassigned on Port 443.
  • The Host name field is disabled.
  • The SSL certificate is DigiCert SHA2 Extended Validation. It has a yellow warning next to Key Usage and Basic Constraints. (I don't know what that means but all our certificates seem to have that.)
  • Key Usage: Digital Signature, Key Encipherment (a0)
  • Basic Constraints: Subject Type=End Entity, Path Length Constraint=None

Under Basic Settings, the web site connects as the Application user with pass-through authentication.
When I click on Test Connection for the web site (not the application), the authentication passes with a green check. The setting is "Pass-through authentication (EndCourseSurvey:NetworkService).
The app pool identity is NetworkService because that's what the vendor set it up to and I couldn't get it to work wit ApplicationPoolIdentity. I don't know why they used NetworkService.
The Test Connection Authorization has a warning: "Cannot verify access to path ..." The details state,
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

The .Net Authorization Rules allow
Local Anonymous Users (All anonymous users)
and allow
All Users Inherited

The web site's application pool has the name, EndCourseSurvey v4.0 Integrated managed pipeline, NetworkService identity.
Under Advanced Settings, Load User Profile is true.

Both the web site security and the app security are as follows (I went overboard out of desperation)
  • IUSR: Full Control
  • System: Full Control
  • my personal AD account: R, E, List
  • <domain><machine name>$ : Full Control
  • Administrators: Full control
  • Users: <machine name>\Users : R, E, List
  • IIS_IUSRS: R, E, List
  • IIS AppPool\EndCourseSurvey: R, E, List

I thought maybe because the previous application and this one both had the same virtual path, /SSI, that might be causing the problem; but I stopped the other web site, I removed that application, and I changed the name of the folder, and I restarted IIS.

My next step, I suppose, is to get ProcMon and see what account is trying to access the folder. In the meantime, please advise. Thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2016
Commented:
It is normally a benign warning message. If you app authenticates then you can ignore it
Babak SekandariProgrammer / Analyst

Author

Commented:
My application behaves strangely when I publish to there. For example, the drop down boxes don't populate as if the app at that site couldn't reach the database. But when I publish to the web site instead of the app, everything worked as normal.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial