I am getting the following error,
"There was an error while performing this operation. Details: Invalid application path"
when I click "Test Settings" on the "Basic Settings" in an IIS Web Site's application's Actions section. The Web Site itself doesn't get that error.
This is a Windows 2008 r2 server Version 6.1, Build 7601: Service Pack 1.
It is running IIS 7.5.7600.16385 (Yes, I know. But I have no choice.)
There was an application called SSI running a website called SSL that a vendor had setup on one of our servers. My company purchased the application and for reasons to lengthy, we have to setup the SSI application under a different Web Site.
I setup the new web site, EndCourseSurvey. (I'm a developer, not a server admin.)
- The site bindings are https with IP addresses All Unassigned on Port 443.
- The Host name field is disabled.
- The SSL certificate is DigiCert SHA2 Extended Validation. It has a yellow warning next to Key Usage and Basic Constraints. (I don't know what that means but all our certificates seem to have that.)
- Key Usage: Digital Signature, Key Encipherment (a0)
- Basic Constraints: Subject Type=End Entity, Path Length Constraint=None
Under Basic Settings, the web site connects as the Application user with pass-through authentication.
When I click on Test Connection for the web site (not the application), the authentication passes with a green check. The setting is "Pass-through authentication (EndCourseSurvey:NetworkSe
The app pool identity is NetworkService because that's what the vendor set it up to and I couldn't get it to work wit ApplicationPoolIdentity. I don't know why they used NetworkService.
The Test Connection Authorization has a warning: "Cannot verify access to path ..." The details state,
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
The .Net Authorization Rules allow
Local Anonymous Users (All anonymous users)
All Users Inherited
The web site's application pool has the name, EndCourseSurvey v4.0 Integrated managed pipeline, NetworkService identity.
Under Advanced Settings, Load User Profile is true.
Both the web site security and the app security are as follows (I went overboard out of desperation)
- IUSR: Full Control
- System: Full Control
- my personal AD account: R, E, List
- <domain><machine name>$ : Full Control
- Administrators: Full control
- Users: <machine name>\Users : R, E, List
- IIS_IUSRS: R, E, List
- IIS AppPool\EndCourseSurvey: R, E, List
I thought maybe because the previous application and this one both had the same virtual path, /SSI, that might be causing the problem; but I stopped the other web site, I removed that application, and I changed the name of the folder, and I restarted IIS.
My next step, I suppose, is to get ProcMon and see what account is trying to access the folder. In the meantime, please advise. Thanks in advance.