IIS virtual directory permissions keep getting lost

I have a web site running on Windows Server 2012 R2, IIS 8.5.9600.16384. The site has several virtual directories that point to a file share from which documents (mostly PDFs) are retrieved. All of these virtual directories are using a custom identity for the "Connect As..." option, and the "Test Setting..." button returns successful results.

Ever since we went live, users will occasionally get 500 errors when attempting to access files on these servers through the virtual directories. I am able to duplicate the problem at that moment. The weird thing is that restarting IIS completely fixes the problem for a time. At some later point (usually a day or two), the problem returns. It seems to impact the various virtual directories randomly; while one is failing, the others may or may not work, but restarting fixes them all.

I have no idea how to even go about troubleshooting this. Any ideas?


Solution 1:

A couple of month ago I received an email from another stack user (whose username I unfortunately don't know), asking the same question as I had here: File access randomly breaks returning 500.19 erros on IIS

We wrote back and forth and then, a couple of weeks ago, he finally found a solution. Here's his solution, which worked for us aswell:

  1. Click on the Configuration Editor at the Server / Machine level
  2. Select on the Dropdown List and expand the System.applicationHost
  3. select the sites setting
  4. Click on the … button under the Collections section
  5. Select the concerned website and make the allowSubDirConfig to False
  6. Perform IIS Reset

Alternatively We can also try running the appcmd command:
C:\Windows\System32\inetsrv> appcmd.exe set config -section:system.applicationHost/sites /[name='My_Website'].virtualDirectoryDefaults.allowSubDirConfig:"False" /commit:apphost

We monitored the changes through our load balancer and so far everything seems perfectly fine, no more 500.19 errors.