IIS HTTP 500 Internal Server error Resolution _ Practical Tips

IIS500 error is caused by a bug in Microsoft. Here is the solution:

The main reason is that the IWAM account (in My computer is the Iwam_myserver account) of the password error caused an HTTP 500 internal error.
In the detailed analysis of the causes of HTTP500 internal errors, first of IWAM account for a brief introduction: IWAM account is installed IIS5 when the system automatically set up a built-in account, mainly for the start of the process outside the application of Internet Information Services. The name of the IWAM account differs depending on the NetBIOS name of each computer, and the common format is iwam_machine, which consists of the "IWAM" prefix, the connector "_" plus the NetBIOS name of the computer. My computer's NetBIOS name is MYSERVER, so the name of the IWAM account on my computer is Iwam_myserver, which is very similar to the way IIS Anonymous account Isur_machine is named.

IWAM account is established by active Directory, IIS metabase database and COM + application tripartite use, the account password is saved by three parties, and the operating system is responsible for the three-party saved IWAM Password synchronization work. According to common sense, the operating system is responsible for the work we can rest assured that there is no need to worry about mistakes, but I do not know is a bug or other reasons, the system of the IWAM account password synchronization work will sometimes fail, so that the three-party IWAM account password is not uniform. When IIS or COM + applications log on to the system using the wrong IWAM password, the system rejects the request because of a password error when the IIS Out-of-process pooled applications is started, causing IIS out-of-process pooled Applications failed to start, which is what we see in the ID10004 Error event "cannot run server {3d14228d-fbe1-11d0-995d-00c04fd919c1}" (Here { 3D14228D-FBE1-11D0-995D-00C04FD919C1} is an IIS Out-of-process pooled applications key) and cannot be transferred to the IIS5 application, and HTTP 500 internal errors are generated.

Three. Solutions

Knowing the cause of the HTTP 500 internal error is easier to solve, which is the password for manually synchronizing IWAM accounts in active Directory, IIS metabase database, and COM + applications.
The specific operation in three steps, all need to log on to the computer as an administrator to provide sufficient operational rights (IWAM account to Iwam_myserver for example).

(i) Change the password for the Iwam_myserver account in Active Directory
Because IWAM account password by the system control, randomly generated, we do not know what, in order to complete the following two steps of the password synchronization work, we have to IWAM account password set to a value we know.
1. Select Start-> program-> Administrative Tools-> Active Directory Users and Computers to start the Active Directory Users and Computers snap-in.
2, click "User", select the right "Iwam_myserver", right-click Select "Reset Password (T) ...", in the pop-up Reset Password box to iwam_myserver set a new password, here we set to "Aboutnt2001" (no quotes), OK, wait for password modification to succeed.

(ii) Synchronization of passwords for Iwam_myserver accounts in IIS metabase
Perhaps because of the sensitivity and importance of this change, Microsoft has not provided an explicit user interface for us to modify the Iwam_myserver account password in IIS metabase, only with IIS5 provided a management script adsutil.vbs, which is located in C:\inetpub\ AdminScripts (location may vary depending on how you install IIS5).
The Adsutil.vbs script is powerful, has a lot of parameters and is complex to use, and only provides a way to modify the Iwam_myserver account password using this script:
adsutil SET W3svc/wamuserpass Password
The "Password" parameter is the new password for the IWAM account you want to set up. Therefore, the command to modify the password for the Iwam_myserver account in IIS metabase to "Aboutnt2001" is:
C:\inetpub\adminscripts>adsutil SET w3svc/wamuserpass "Aboutnt2001"
After a successful modification, the system will have the following prompts:
WAMUserPass: (String) "Aboutnt2001"

(iii) iwam_myserver password for synchronizing COM + applications
To synchronize the iwam_myserver password used by COM + applications, there are two options: one is to use the Component Services MMC snap-in and the other is to use the IWAM Account Synchronization script Synciwam.vbs.

1. Use Component Services MMC snap-in
(1) Start Component Services Snap-in: Select Start-> run-> MMC, start the admin console, open the Add/Remove snap-in dialog box, add the Component Services snap-in.
(2) Locate "Component Services"-> "Computer"-> "My Computer"-> "COM + application"-> "Out-of-process Pooled Applications", right-click "Out-of-process Pooled Applications the "->" attribute.
(3) switch to the Flags tab of the Out-of-process Pooled Applications Properties dialog box. This application runs under the following account "This user" in the selection is selected and the username is "Iwam_myserver". These are all defaults and do not have to be changed. Enter the correct password "Aboutnt2001" in the "password" and "Confirm password" text boxes below to confirm the exit.
(4) If the system prompts "the application is created by more than one external product." Are you sure you want to be supported by these products? "is OK.
(5) If we set some other Web application protection to high (standalone) in IIS, the IWAM account password for the COM + application used by the web will also need to be synchronized. Repeat (1)-(4) step, synchronize the other corresponding out of process application IWAM account password.

2, use IWAM Account Synchronization script Synciwam.vbs
In fact, Microsoft has found that the IWAM account in the password synchronization problem, so in the IIS5 management script for the IWAM account password Synchronization write a script synciwam.vbs, this script is located in C:\inetpub\ AdminScripts (location may vary depending on how you install IIS5).
Synciwam.vbs script usage is simpler:
cscript Synciwam.vbs [-v|-h]
The "-V" parameter represents the entire process of displaying script execution in detail (recommended), and the "-H" parameter is used to display simple help information.

We want to sync iwam_myserver account password in COM + application, only need to execute "cscript synciwam.vbs-v", as follows:
cscript c:\inetpub\adminscripts\synciwam.vbs-v
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2000. All rights reserved.

Wamusername:iwam_myserver
wamuserpass:aboutnt2001
IIS Applications Defined:
Name, appisolated, Package ID
W3SVC, 0, {3d14228c-fbe1-11d0-995d-00c04fd919c1}
Root, 2,
IISHelp, 2,
IISAdmin, 2,
IISSamples, 2,
MSADC, 2,
ROOT, 2,
IISAdmin, 2,
IISHelp, 2,
Root, 2,
Root, 2,

Out of process applications defined:
Count:1
{3D14228D-FBE1-11D0-995D-00C04FD919C1}

Updating applications:
Name:iis out-of-process Pooled Applications Key: {3D14228D-FBE1-11D0-995D-00C04FD919C1}

As you can see from the execution of the above script, using Synciwam.vbs scripts is more comprehensive and quicker than using Component Services. It first finds the IWAM account "Iwam_myserver" from the IIS Metabase database and takes out the corresponding password "Aboutnt2001" and finds all the defined IIS applications and out of process Applications and synchronizes the IWAM account password for each out of the process applications application.
When using the Synciwam.vbs script, be aware that before you run Synciwam.vbs, you must ensure that the IIS metabase database is consistent with the IWAM password in Active Directory. Because the Synciwam.vbs script obtains the password from the IIS metabase database instead of the IWAM account from Active Directory, if the password in the IIS metabase is incorrect, The password obtained by the Synciwam.vbs will also be incorrect, the synchronization operation to the "Updating Applications" system will report a 80110414 error, that is, the application is not found { 3D14228D-FBE1-11D0-995D-00C04FD919C1} ".

OK, so far, IWAM account in active Directory, IIS metabase database and COM + application three passwords have been synchronized successfully, your ASP program can also run!