Command to rebuild applicationHost.config in IIS 7

MacGyver picture MacGyver · Feb 13, 2013 · Viewed 36.8k times · Source

Is there a way to rebuild the applicationHost.config file in IIS 7 with a Windows command? Or if you can help me fix the issue by modifying this file, that's fine too. When comparing this file to other servers, I'm noticing very important sections that are missing or different after deleting a site and a few application pools.

I am by no means an expert in IIS 7, but I've been using it for 7 years now. I am confident have performed all of the proper steps for a new site configuration and it still gives me this error, "401.1 "You are not authorized to view this page. You do not have permission to view this directory or page using the credentials that you supplied."

C:\Windows\System32\inetsrv\config\applicationHost.config

This happened on a machine where IIS APPPOOL{app pool user} doesn't exist, so we've never used this user, like I normally do when configuring permissions. We did however add proper permissions to IIS_IUSRS (with IUSR in this group) last week, and the site worked fine. We're using Windows Authentication, and all other authentication methods are turned off. No virtual directories. We are using .NET 4.0, Classic, and 32 bit app (under advanced settings).

We had to manually update the host name by doing the following command in "C:\Windows\System32\inetsrv" on the binding because IIS would grey out the host name when the VeriSign SSL certificate was added to the binding.

appcmd set site /site.name:"himc" /+bindings.[protocol='https',bindingInformation='*:443:subdomain.domain.com']

Missing sections on "bad" web server:

1 - exists on "good" box, missing on "bad" box

<customMetadata>
    <key path="LM/W3SVC/INFO">
        <property id="4012" dataType="String" userType="1" attributes="Inherit" value="NCSA Common Log File Format,Microsoft IIS Log File Format,W3C Extended Log File Format,ODBC Logging" />
        <property id="2120" dataType="MultiSZ" userType="1" attributes="None" value="400,0,,,0&#xA;" />
    </key>
</customMetadata>

2 - exists on "good" box, missing on "bad" box

    <asp>
        <cache diskTemplateCacheDirectory="%SystemDrive%\inetpub\temp\ASP Compiled Templates" />
    </asp>

3 - this section exists on the "good" box, but only 2.0 (first 2 lines) exist on the "bad" box.

<isapiFilters>
    <filter name="ASP.Net_2.0.50727.0" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness32,runtimeVersionv2.0" />
    <filter name="ASP.Net_2.0.50727-64" path="%windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="bitness64,runtimeVersionv2.0" />
    <filter name="ASP.Net_2.0_for_V1.1" path="%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv1.1" />
    <filter name="ASP.Net_4.0_64bit" path="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness64" />
    <filter name="ASP.Net_4.0_32bit" path="C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll" enableCache="true" preCondition="runtimeVersionv4.0,bitness32" />
</isapiFilters>

4 - this section exists on "bad" box, but is missing on the "good" box

    <applicationDependencies>
        <application name="Active Server Pages" groupId="ASP" />
    </applicationDependencies>

5 - ssiExecDisable property is missing on "good" box

    <serverSideInclude ssiExecDisable="false" />

6 - section missing on "bad" box

        <authentication>
            <anonymousAuthentication enabled="false" />
            <windowsAuthentication enabled="true" />
        </authentication>

Answer

MacGyver picture MacGyver · Feb 13, 2013

Apparently, Microsoft keeps a history of these files in:

C:\inetpub\history\