Attempting to remove module in Location section fails with Lock error

Warnock, Braithe (CIB, USA) 0 Reputation points
2023-10-13T21:12:17.51+00:00

Good evening folks, we seem to be having a hard time modifying the applicationHost.config to remove a module from a particular path. We want to apply our authentication module for all paths on our site "Default Web Site/", except for the /HealthCheck.aspx file. Is it possible that IIS no longer allows us to remove modules this way? We can add the module fine, but we can't remove the module no matter what we unlock.

# Can add a module fine
C:\Windows\System32\inetsrv\appcmd.exe set config "Default Web Site" /section:system.webServer/modules /+"[name='myModule',type='myModule.dll']" /commit:apphost

# Can't remove the module regardless if module section is unlocked in applicationHost.config
C:\Windows\System32\inetsrv\appcmd.exe set config "Default Web Site/HealthCheck.aspx" /section:system.webServer/modules /-"[name='myModule']" /commit:apphost
ERROR ( message:The operation on element "add" is not allowed, because the element is locked.  This could be because the section is locked, or the element is locked via lockItem, lockElements, or lockAllElement
sExcept at a parent level. )

Also, IIS seems to ignore the <remove> statement in our Web.config. Note that all locks are set to false and all sections have been set to overrideModeDefault="Allow".

<location path="HealthCheck.aspx">
		<system.webServer>
			<security>
				<authentication>
					<basicAuthentication enabled="false" />
					<anonymousAuthentication enabled="true" />
				</authentication>
			</security>
			<modules>
				<remove name="myModule" />
			</modules>
		</system.webServer>
	</location>

This is for the latest version of windows server and IIS v10.

Internet Information Services
{count} votes

1 answer

Sort by: Most helpful
  1. Yurong Dai-MSFT 2,811 Reputation points Microsoft Vendor
    2023-10-17T09:20:54.26+00:00

    Hi @Warnock, Braithe (CIB, USA),

    According to the documentation, you can add or remove modules in IIS for a site or globally. If you added a module globally (i.e. server level) and the module is set to unlocked status, you can remove the module at the site level. If you add a module to a specific site, it cannot be deleted at the path level under the site. The same goes for my test results.

    Related documents: To disable a module either for a particular application or globally.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the email notification for this thread.

    Best regards,

    Yurong Dai

    0 comments No comments