The HTTP 500 internal server error of IIS5 is an error we often encounter, so how to solve it? Today I will explain to you how to completely solve it!
The HTTP 500 internal server error of IIS5 is one of the errors we often encounter. Its main error manifestation is that the ASP program cannot browse but the HTM static web page is not affected. In addition, when an error occurs, the system event log and security event log will have corresponding records.
The details are as follows:
(1) Performance in IE
When browsing an asp page that previously functioned normally, the following error will occur:
Web page cannot be displayed
There is a problem with the page you are trying to access, so it cannot be displayed.
Please try the following:
Open the http://127.0.0.1 homepage and look for links to the information you need.
Click the refresh button or try again later.
HTTP 500 - Internal Server Error
Internet Information Services
Technical Information (Support Individuals)
Details:
Microsoft support
Or:
Server Application Error
The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance.
(2) Security log records (2 items)
Event type: failed audit
Event Source: Security
Event Type: Login/Logout
Event ID: 529
Date: 2001-9-9
Event: 11:17:07
User: NT AUTHORITYSYSTEM
Computer: MYSERVER
describe:
Login failed:
Reason: Unknown username or wrong password
Username: IWAM_MYSERVER
Domain: MYDOM
Login type: 4
Login process: Advapi
Authentication package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation name: MYSERVER
Event type: failed audit
Event Source: Security
Event type: Account login
Event ID: 681
Date: 2001-9-9
Event: 11:17:07
User: NT AUTHORITYSYSTEM
Computer: MYSERVER
describe:
Log in to account: IWAM_MYSERVER
Logged in user: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
From workstation: MYSERVER
Unsuccessful. The error code is: 3221225578
(3) Records in the system log (2 items)
Event Type: Error
Event source: DCOM
Event Type: None
Event ID: 10004
Date: 2001-9-9
Event: 11:20:26
User: N/A
Computer: MYSERVER
describe:
DCOM encountered the error "Unable to update password. The value supplied for the new password contains a value that is not allowed in the password. " and was unable to log in to run the server on .IWAM_MYSERVER:
{3D14228D-FBE1-11D0-995D-00C04FD919C1}
Event Type: Warning
Event source: W3SVC
Event Type: None
Event ID: 36
Date: 2001-9-9
Event: 11:20:26
User: N/A
Computer: MYSERVER
describe:
The server failed to staging application '/LM/W3SVC/4/Root'. The error is 'RunAs must be of the form <domain name><username> or just <username>'.
To obtain more information about this message, visit the Microsoft Online Support site: http://www.microsoft.com/contentredirect.asp.
[Cut-Page]
Comprehensive analysis of the above error performance, we can see that the HTTP 500 internal error is mainly caused by the incorrect password of the IWAM account (which is the IWAM_MYSERVER account on my computer).
Before analyzing the causes of HTTP500 internal errors in detail, let’s give a brief introduction to the IWAM account: The IWAM account is a built-in account automatically created by the system when installing IIS5. It is mainly used to start Internet information services for applications outside the process. The name of the IWAM account will vary according to the NETBIOS name of each computer. The common format is IWAM_MACHINE, which consists of the "IWAM" prefix, the connecting line "_" and the computer's NETBIOS name. The NETBIOS name of my computer is MYSERVER, so the name of the IWAM account on my computer is IWAM_MYSERVER, which is very similar to the naming method of the IIS anonymous account ISUR_MACHINE.
After the IWAM account is established, it is jointly used by Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties respectively, and the operating system is responsible for the synchronization of the IWAM passwords saved by these three parties. According to common sense, we can rest assured that the operating system is responsible for the work and do not have to worry about errors. However, whether it is a bug or other reasons, the system's password synchronization work for IWAM accounts sometimes fails, causing the passwords used by the three-party IWAM accounts to be inconsistent. When an IIS or COM+ application uses an incorrect IWAM password to log in to the system and starts IIS Out-Of-Process Pooled Applications, the system will reject the request due to an incorrect password, causing IIS Out-Of-Process Pooled Applications to fail to start. We see "Cannot run server {3D14228D-FBE1-11D0-995D-00C04FD919C1}" in the ID10004 error event (here {3D14228D-FBE1-11D0-995D-00C04FD919C1} is the KEY of IIS Out-Of-Process Pooled Applications) , cannot be transferred to the IIS5 application, and the HTTP 500 internal error occurs.
Knowing the cause of the HTTP 500 internal error, the solution is relatively simple, which is to manually synchronize the passwords of the IWAM account in Active Directory, IIS metabase database and COM+ application.
The specific operation is divided into three steps, and you need to log in to the computer as an administrator to provide sufficient operating permissions (the IWAM account is IWAM_MYSERVER as an example).
(1) Change the password of the IWAM_MYSERVER account in Active Directory
Because the password of the IWAM account is controlled by the system and is randomly generated, we do not know what it is. In order to complete the following two steps of password synchronization, we must set the password of the IWAM account to a value we know.
1. Select "Start" -> "Programs" -> "Administrative Tools" -> "Active Directory Users and Computers" to start the "Active Directory Users and Computers" snap-in.
2. Click "user", select "IWAM_MYSERVER" on the right, right-click and select "Reset Password (T)...", and set a new password for IWAM_MYSERVER in the reset password box that pops up. Here we set it to "Aboutnt2001" (without quotation marks), OK, wait for the password to be changed successfully.
(2) Synchronize the password of the IWAM_MYSERVER account in the IIS metabase
Perhaps because this change is too sensitive and important, Microsoft does not provide an explicit user interface for us to modify the IWAM_MYSERVER account password in the IIS metabase. It only provides a management script adsutil.vbs with IIS5. This script is located in C:inetpub In the adminscripts subdirectory (the location may change due to different settings when you install IIS5).
The adsutil.vbs script is powerful, has many parameters and is complicated to use. Here we only provide the method of using this script to modify the IWAM_MYSERVER account password:
adsutil SET w3svc/WAMUserPass Password
The "Password" parameter is the new password of the IWAM account to be set. Therefore, the command to change the password of the IWAM_MYSERVER account in the IIS metabase to "Aboutnt2001" is:
c:InetpubAdminScripts>adsutil SET w3svc/WAMUserPass "Aboutnt2001"
After the modification is successful, the system will prompt as follows:
WAMUserPass: (String) "Aboutnt2001"
(3) Password of IWAM_MYSERVER used to synchronize COM+ applications
To synchronize the password of IWAM_MYSERVER used by COM+ applications, we have two ways to choose: one is to use the component service MMC snap-in, and the other is to use the IWAM account synchronization script synciwam.vbs.
1. Use the component service MMC management unit
(1) Start the Component Services snap-in: Select "Start" -> "Run" -> "MMC", start the management console, open the "Add/Remove Snap-in" dialog box, and add the "Component Services" snap-in.
(2) Find "Component Services" -> "Computer" -> "My Computer" -> "COM+ Applications" -> "Out-Of-Process Pooled Applications", right-click "Out-Of-Process Pooled Applications" -> "Properties".
(3) Switch to the "Flags" tab of the "Out-Of-Process Pooled Applications" properties dialog box. In the "This application runs under the following account" selection, "This user" will be selected, and the user name is "IWAM_MYSERVER". These are default and do not need to be changed. Enter the correct password "Aboutnt2001" in the "Password" and "Confirm Password" text boxes below and confirm to exit.
(4) If the system prompts "The application was created by more than one external product. Are you sure you want to be supported by these products?" Just confirm.
(5) If we set the "Application Protection" of some other Webs to "High (Independent)" in IIS, then the IWAM account password of the COM+ application used by this WEB also needs to be synchronized. Repeat steps (1)-(4) to synchronize the IWAM account passwords of other corresponding Out of process applications.
2. Use the IWAM account to synchronize the script synciwam.vbs
In fact, Microsoft has discovered that there are problems with password synchronization of IWAM accounts, so it has written a separate script synciwam.vbs for IWAM account password synchronization in the IIS5 management script. This script is located in the C:inetpubadminscripts subdirectory (the location may be It will change depending on the settings you set when installing IIS5).
The usage of synciwam.vbs script is relatively simple:
cscript synciwam.vbs [-v|-h]
The "-v" parameter means to display the entire process of script execution in detail (recommended), and the "-h" parameter is used to display simple help information.
If we want to synchronize the password of the IWAM_MYSERVER account in the COM+ application, we only need to execute "cscript synciwam.vbs -v", as follows:
cscript c:inetpubadminscriptssynciwam.vbs -v
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2000. All rights reserved.
WamUserName:IWAM_MYSERVER
WamUserPass:Aboutnt2001
IIS Applications Defined:
Name, AppIsolated, Package ID
w3svc, 0, {3D14228C-FBE1-11d0-995D-00C04FD919C1}
Root, 2,
IISHelp, 2,
IISAdmin, 2,
IISSamples, 2,
MSADC, 2,
ROOT, 2,
IISAdmin, 2,
IISHelp, 2,
Root, 2,
Root, 2,
Out of process applications defined:
Count: 1
{3D14228D-FBE1-11d0-995D-00C04FD919C1}
Updating Applications:
Name: IIS Out-Of-Process Pooled Applications Key: {3D14228D-FBE1-11D0-995D-00C04FD919C1}
It can be seen from the execution of the above script that using the synciwam.vbs script is more comprehensive and faster than using component services. It first finds the IWAM account "IWAM_MYSERVER" from the IIS metabase database and retrieves the corresponding password "Aboutnt2001", then searches for all defined IIS Applications and Out of process applications, and synchronizes the IWAM account of each Out of process application one by one. password.
When using the synciwam.vbs script, one thing to note is that before you run synciwam.vbs, you must ensure that the IIS metabase database and the IWAM password in Active Directory are consistent. Because the synciwam.vbs script obtains the password of the IWAM account from the IIS metabase database rather than from Active Directory, if the password in the IIS metabase is incorrect, the password obtained by synciwam.vbs will also be incorrect, and the synchronization operation is executed to "Updating Applications" The system will report an 80110414 error, that is, "Application {3D14228D-FBE1-11D0-995D-00C04FD919C1} cannot be found".
Okay, so far, the passwords of the IWAM account in Active Directory, IIS metabase database and COM+ application have been successfully synchronized, and your ASP program can run again!
[Cut-Page]Comprehensive analysis of the above error performance, we can see that the HTTP 500 internal error is mainly caused by the incorrect password of the IWAM account (which is the IWAM_MYSERVER account on my computer).
Before analyzing the causes of HTTP500 internal errors in detail, let’s give a brief introduction to the IWAM account: The IWAM account is a built-in account automatically created by the system when installing IIS5. It is mainly used to start Internet information services for applications outside the process. The name of the IWAM account will vary according to the NETBIOS name of each computer. The common format is IWAM_MACHINE, which consists of the "IWAM" prefix, the connecting line "_" and the computer's NETBIOS name. The NETBIOS name of my computer is MYSERVER, so the name of the IWAM account on my computer is IWAM_MYSERVER, which is very similar to the naming method of the IIS anonymous account ISUR_MACHINE.
After the IWAM account is established, it is jointly used by Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties respectively, and the operating system is responsible for the synchronization of the IWAM passwords saved by these three parties. According to common sense, we can rest assured that the operating system is responsible for the work and do not have to worry about errors. However, whether it is a bug or other reasons, the system's password synchronization work for IWAM accounts sometimes fails, causing the passwords used by the three-party IWAM accounts to be inconsistent. When an IIS or COM+ application uses an incorrect IWAM password to log in to the system and starts IIS Out-Of-Process Pooled Applications, the system will reject the request due to an incorrect password, causing IIS Out-Of-Process Pooled Applications to fail to start. We see "Cannot run server {3D14228D-FBE1-11D0-995D-00C04FD919C1}" in the ID10004 error event (here {3D14228D-FBE1-11D0-995D-00C04FD919C1} is the KEY of IIS Out-Of-Process Pooled Applications) , cannot be transferred to the IIS5 application, and the HTTP 500 internal error occurs.
Knowing the cause of the HTTP 500 internal error, the solution is relatively simple, which is to manually synchronize the passwords of the IWAM account in Active Directory, IIS metabase database and COM+ application.
The specific operation is divided into three steps, and you need to log in to the computer as an administrator to provide sufficient operating permissions (the IWAM account is IWAM_MYSERVER as an example).
(1) Change the password of the IWAM_MYSERVER account in Active Directory
Because the password of the IWAM account is controlled by the system and is randomly generated, we do not know what it is. In order to complete the following two steps of password synchronization, we must set the password of the IWAM account to a value we know.
1. Select "Start" -> "Programs" -> "Administrative Tools" -> "Active Directory Users and Computers" to start the "Active Directory Users and Computers" snap-in.
2. Click "user", select "IWAM_MYSERVER" on the right, right-click and select "Reset Password (T)...", and set a new password for IWAM_MYSERVER in the reset password box that pops up. Here we set it to "Aboutnt2001" (without quotation marks), OK, wait for the password to be changed successfully.
(2) Synchronize the password of the IWAM_MYSERVER account in the IIS metabase
Perhaps because this change is too sensitive and important, Microsoft does not provide an explicit user interface for us to modify the IWAM_MYSERVER account password in the IIS metabase. It only provides a management script adsutil.vbs with IIS5. This script is located in C:inetpub In the adminscripts subdirectory (the location may change due to different settings when you install IIS5).
The adsutil.vbs script is powerful, has many parameters and is complicated to use. Here we only provide the method of using this script to modify the IWAM_MYSERVER account password:
adsutil SET w3svc/WAMUserPass Password
The "Password" parameter is the new password of the IWAM account to be set. Therefore, the command to change the password of the IWAM_MYSERVER account in the IIS metabase to "Aboutnt2001" is:
c:InetpubAdminScripts>adsutil SET w3svc/WAMUserPass "Aboutnt2001"
After the modification is successful, the system will prompt as follows:
WAMUserPass: (String) "Aboutnt2001"
(3) Password of IWAM_MYSERVER used to synchronize COM+ applications
To synchronize the password of IWAM_MYSERVER used by COM+ applications, we have two ways to choose: one is to use the component service MMC snap-in, and the other is to use the IWAM account synchronization script synciwam.vbs.
1. Use the component service MMC management unit
(1) Start the Component Services snap-in: Select "Start" -> "Run" -> "MMC", start the management console, open the "Add/Remove Snap-in" dialog box, and add the "Component Services" snap-in.
(2) Find "Component Services" -> "Computer" -> "My Computer" -> "COM+ Applications" -> "Out-Of-Process Pooled Applications", right-click "Out-Of-Process Pooled Applications" -> "Properties".
(3) Switch to the "Flags" tab of the "Out-Of-Process Pooled Applications" properties dialog box. In the "This application runs under the following account" selection, "This user" will be selected, and the user name is "IWAM_MYSERVER". These are default and do not need to be changed. Enter the correct password "Aboutnt2001" in the "Password" and "Confirm Password" text boxes below and confirm to exit.
(4) If the system prompts "The application was created by more than one external product. Are you sure you want to be supported by these products?" Just confirm.
(5) If we set the "Application Protection" of some other Webs to "High (Independent)" in IIS, then the IWAM account password of the COM+ application used by this WEB also needs to be synchronized. Repeat steps (1)-(4) to synchronize the IWAM account passwords of other corresponding Out of process applications.
2. Use the IWAM account to synchronize the script synciwam.vbs
In fact, Microsoft has discovered that there are problems with password synchronization of IWAM accounts, so it has written a separate script synciwam.vbs for IWAM account password synchronization in the IIS5 management script. This script is located in the C:inetpubadminscripts subdirectory (the location may be It will change depending on the settings you set when installing IIS5).
The usage of synciwam.vbs script is relatively simple:
cscript synciwam.vbs [-v|-h]
The "-v" parameter means to display the entire process of script execution in detail (recommended), and the "-h" parameter is used to display simple help information.
If we want to synchronize the password of the IWAM_MYSERVER account in the COM+ application, we only need to execute "cscript synciwam.vbs -v", as follows:
cscript c:inetpubadminscriptssynciwam.vbs -v
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2000. All rights reserved.
WamUserName:IWAM_MYSERVER
WamUserPass:Aboutnt2001
IIS Applications Defined:
Name, AppIsolated, Package ID
w3svc, 0, {3D14228C-FBE1-11d0-995D-00C04FD919C1}
Root, 2,
IISHelp, 2,
IISAdmin, 2,
IISSamples, 2,
MSADC, 2,
ROOT, 2,
IISAdmin, 2,
IISHelp, 2,
Root, 2,
Root, 2,
Out of process applications defined:
Count: 1
{3D14228D-FBE1-11d0-995D-00C04FD919C1}
Updating Applications:
Name: IIS Out-Of-Process Pooled Applications Key: {3D14228D-FBE1-11D0-995D-00C04FD919C1}
It can be seen from the execution of the above script that using the synciwam.vbs script is more comprehensive and faster than using component services. It first finds the IWAM account "IWAM_MYSERVER" from the IIS metabase database and retrieves the corresponding password "Aboutnt2001", then searches for all defined IIS Applications and Out of process applications, and synchronizes the IWAM account of each Out of process application one by one. password.
When using the synciwam.vbs script, one thing to note is that before you run synciwam.vbs, you must ensure that the IIS metabase database and the IWAM password in Active Directory are consistent. Because the synciwam.vbs script obtains the password of the IWAM account from the IIS metabase database rather than from Active Directory, if the password in the IIS metabase is incorrect, the password obtained by synciwam.vbs will also be incorrect, and the synchronization operation is executed to "Updating Applications" The system will report an 80110414 error, that is, "Application {3D14228D-FBE1-11D0-995D-00C04FD919C1} cannot be found".
Okay, so far, the passwords of the IWAM account in Active Directory, IIS metabase database and COM+ application have been successfully synchronized, and your ASP program can run again!