Sample query:
I’ve encountered an error deploying a site to a server. When trying to load the home page, or access authentication on the new site in IIS, I get the error:
Config Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault=”Deny”), or set explicitly by a location tag with overrideMode=”Deny” or the legacy allowOverride=”false”.
More detail can be found here; Scenario 7 matches my hex error code.
The solution given on the linked site above is to set Allow for overrideModeDefault in the section mentioned in my error, in the applicationHost.config file. In my case, under Security in system.webServer. But if I look at the applicationHost.config on my local computer, where the site is properly deployed already, that section is set to Deny.
If this solution is correct, how is my local instance running just fine with the same web.config? According to my applicationHost.config, that section should be locked, but it’s not. I’d prefer to not change the applicationHost.config file, because there are many other sites running on that server. Is there another solution?
Config Error: This configuration section cannot be used at this path
I had the same problem. Don’t remember where I found it on the web, but here is what I did:
- Click “Start button”
- in the search box, enter “Turn windows features on or off”
- in the features window, Click: “Internet Information Services”
- Click: “World Wide Web Services”
- Click: “Application Development Features”
- Check (enable) the features. I checked all but CGI.
Btw, I’m using Windows 7, but this works all the way up to Windows 10 and Server 2019 as well.
Answer #2:
You could also use the IIS Manager to edit those settings.
Using the Feature Delegation from the root of IIS:

You can then control each of machine-level read/write permissions, which will otherwise give you the overrideMode=”Deny” errors.

Answer #3:
Browse to “C:\Windows\System32\inetsrv\config” (you will need administrator rights here).
Open applicationHost.config.
Note: In IISExpress and Visual Studio 2015 the applicationHost.config is stored in $(solutionDir)\.vs\config\applicationhost.config
Find the section that showed up in the “config source” part of the error message page. For me this has typically been “modules” or “handlers”.
Change the overrideModeDefault attribute to be Allow.
So the whole line now looks like:
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Allow" />
After saving the file, the page loaded up fine in my browser.
Answer #4:
You need to unlock handlers. This can be done using the following cmd command:
%windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/handlers
Maybe another piece of info for people who are getting this error on IIS 8; in my case it was on the Microsoft Server 2012 platform. I had spent a couple of hours battling with other errors that bubbled up after executing appcmd. In the end I was able to fix it by removing the Web Server Role and installing it again.
Answer #5:
1. Open “Turn windows features on or off” by: WinKey + R => “optionalfeatures” => OK

- Enable those features under “Application Development Features”

Tested on Win 10 – But probably will work on other windows versions as well.
Answer #6:
I ran these two commands from an elevated command prompt:
%windir%/system32/inetsrv/appcmd unlock config /section:anonymousAuthentication
%windir%/system32/inetsrv/appcmd unlock config /section:windowsAuthentication
Config Error: This configuration section cannot be used at this path – Solution
Try unlocking the relevant IIS configuration settings at server level, as follows:
- Open IIS Manager
- Select the server in the Connections pane
- Open Configuration Editor in the main pane
- In the Sections drop down, select the section to unlock, e.g. system.webServer > defaultPath
- Click Unlock Attribute in the right pane
- Repeat for any other settings which you need to unlock
- Restart IIS (optional) – Select the server in the Connections pane, click Restart in the Actions pane
Answer #8:
To fix this, open up the IIS Express applicationhost.config. This file is stored at C:\Users\[your user name]\Documents\IISExpress\config\applicationhost.config
Update for VS2015+: config file location is $(solutionDir)\.vs\config\applicationhost.config
Look for the following lines
<section name="windowsAuthentication" overrideModeDefault="Deny" />
<section name="anonymousAuthentication" overrideModeDefault="Deny" />
<add name="WindowsAuthenticationModule" lockItem="true" />
<add name="AnonymousAuthenticationModule" lockItem="true" />
Change those lines to
<section name="windowsAuthentication" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<add name="WindowsAuthenticationModule" lockItem="false" />
<add name="AnonymousAuthenticationModule" lockItem="false" />
Save it and refresh the ASP.NET page.
Answer #9:
The error says that the configuration section is locked at the parent level. So it will not be a single config file that resolves the issue; we need to go through the hierarchy of the config files to see the inheritance. Check the link below for the file hierarchy and inheritance in IIS:
https://msdn.microsoft.com/en-us/library/ms178685.aspx
So you need to check for the app config settings in the below order:
1. ApplicationHost.config in C:\windows\system32\inetsrv\config. Change the overrideModeDefault attribute to be Allow.
2. ApplicationName.config or web.config in the application's directory
3. Web.config in the root directory.
4. Web.config in the specific website (My issue was found at this place).
5. Web.config of the root web (server’s configuration)
6. machine.config of the machine (Root’s web.config and machine.config can be found at – systemroot\Microsoft.NET\Framework\versionNumber\CONFIG\Machine.config)
Go carefully through all these configs in the order of 1 to 6 and you should find it.
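Added example (not part of any answer above, and not Microsoft's code): a read-only Python audit that lists which sections of an applicationHost.config are open to override by child web.config files, either server-wide through overrideModeDefault or for one site through a location tag with overrideMode="Allow". It is simplified (no Inherit resolution, no inheritance between nested location paths); SAMPLE, the site name "Intranet" and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real server's applicationHost.config.
SAMPLE = """<configuration>
 <configSections><sectionGroup name="system.webServer">
  <section name="handlers" overrideModeDefault="Deny" />
  <section name="defaultDocument" />
  <sectionGroup name="security"><sectionGroup name="authentication">
   <section name="windowsAuthentication" overrideModeDefault="Deny" />
   <section name="anonymousAuthentication" overrideModeDefault="Allow" />
  </sectionGroup></sectionGroup>
 </sectionGroup></configSections>
 <location path="Intranet" overrideMode="Allow">
  <system.webServer><security><authentication>
   <windowsAuthentication enabled="true" />
  </authentication></security></system.webServer>
 </location>
</configuration>"""

def section_defaults(node, prefix=()):
    """Map 'group/section' -> overrideModeDefault; a missing value means Allow."""
    out = {}
    for child in node:
        path = prefix + (child.get("name"),)
        if child.tag == "sectionGroup":
            out.update(section_defaults(child, path))
        elif child.tag == "section":
            out["/".join(path)] = child.get("overrideModeDefault", "Allow")
    return out

def sections_under(node, known, prefix=()):
    """Yield the declared section paths that appear inside a <location> element."""
    for child in node:
        path = prefix + (child.tag,)
        if "/".join(path) in known:
            yield "/".join(path)
        else:
            yield from sections_under(child, known, path)

def unlocked(xml_text):
    """Return sorted (scope, section) pairs that child web.config files may override."""
    root = ET.fromstring(xml_text)
    defaults = section_defaults(root.find("configSections"))
    found = [("(server-wide)", s) for s, m in defaults.items() if m == "Allow"]
    for loc in root.findall("location"):
        # allowOverride="false" is the legacy spelling of overrideMode="Deny"
        if loc.get("overrideMode") == "Allow" and loc.get("allowOverride") != "false":
            found += [(loc.get("path", ""), s) for s in sections_under(loc, defaults)]
    return sorted(found)
```

In the sample, windowsAuthentication stays Deny by default yet is overridable for the one site named in the location tag, which keeps the delegation scoped to that site on a server hosting many others.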