Config Error: This configuration section cannot be used at this path

Question

I\'ve encountered an error deploying a site to a server. When trying to load the home page, or access authentication on the new site in IIS, I get the error:

Answer 1

The error says that the configuration section is locked at the parent level. So it will not be directly 1 config file which will resolve the issue, we need to go through the hierarchy of the config files to see the inheritance Check the below link to go through the File hierarchy and inheritance in IIS

https://msdn.microsoft.com/en-us/library/ms178685.aspx

So you need to check for the app config settings in the below order

1. ApplicationHost.config in C:windows\system32\inetsrv\config. Change the overrideModeDefault attribute to be Allow.
2. ApplicationName.config or web.config in the applications directory
3. Web.config in the root directory.
4. Web.config in the specific website (My issue was found at this place).
5. Web.config of the root web (server's configuration)
6. machine.config of the machine (Root's web.config and machine.config can be found at - systemroot\MicrosoftNET\Framework\versionNumber\CONFIG\Machine.config)

Go carefully through all these configs in the order of 1 to 6 and you should find it.

Answer 2

I ran these two commands from an elevated command prompt:

%windir%/system32/inetsrv/appcmd unlock config /section:anonymousAuthentication

%windir%/system32/inetsrv/appcmd unlock config /section:windowsAuthentication

Answer 3

In my case, it was something else.

When I loaded the solution in a new version of Visual Studio, VS apparently created a new project-specific applicationhost.config file:

MySolutionDir\.vs\config\applicationhost.config

It started using the settings from the new config, instead of my already customized global IIS Express settings. (\Users\%USER%\Documents\IISExpress\config\applicationhost.config)

In my case this was the setting that needed to be set. Of course it could be something else for you:

<section name="ipSecurity" overrideModeDefault="Allow" />

Answer 4

The Powershell way of enabling the features (Windows Server 2012 +) - trim as needed:

Install-WindowsFeature NET-Framework-Core
Install-WindowsFeature Web-Server -IncludeAllSubFeature
Install-WindowsFeature NET-Framework-Features -IncludeAllSubFeature
Install-WindowsFeature NET-Framework-45-ASPNET -IncludeAllSubFeature
Install-WindowsFeature Application-Server -IncludeAllSubFeature
Install-WindowsFeature MSMQ -IncludeAllSubFeature
Install-WindowsFeature WAS -IncludeAllSubFeature

Answer 5

You could also use the IIS Manager to edit those settings.

Care of this Learn IIS article:

Using the Feature Delegation from the root of IIS:

You can then control each of machine-level read/write permissions, which will otherwise give you the overrideMode="Deny" errors.

Answer 6

I had the same problem. Don't remember where I found it on the web, but here is what I did:

• Click "Start button"
• in the search box, enter "Turn windows features on or off"
• in the features window, Click: "Internet Information Services"
• Click: "World Wide Web Services"
• Click: "Application Development Features"
• Check (enable) the features. I checked all but CGI.

btw, I'm using Windows 7. Many comments over the years have certified this works all the way up to Windows 10 and Server 2019, as well.