One thing you must do when: getting http 500.0.1346 error


While browsing your IIS hosted website (or any of the application, virtual directory) you run into the standard Http 500 error message. When you look into the IIS logs for respective site, you find an entry similar to this

2012-08-08 10:10:10 xx.xx.xx.xxxx GET /test.htm - 80 - yy.yy.yy.yyyy Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET4.0C; +.NET4.0E;+.NET+CLR+3.5.30729; +.NET+CLR+3.0.30729) 500 0 1346 15

Here the highlighted ones are various status codes

sc-status –> 500

sc-substatus –> 0

sc-win32-status –> 1346

We know that http 5xx error codes are Server Errors and 500.0 means ‘Module or ISAPI error occurred’ [ref: KB]

But this is not much of an help.

Now looking into sc-win32-status 1346, (open cmd –> “net helpmsg 1346” )

It says: “Either a required impersonation level was not provided, or the provided impersonation level is invalid.”

Now this could mean a lot of things and it is possible that something went wrong while you application is trying to internally perform impersonation. But, before you start deep debugging your application, One thing which you must do is -

Check if the Application Pool Identity for the respective application is a part of ‘Impersonate a client after authentication’ policy. It is a requirement that the application pool identity must be a part of this policy, directly or by inherited membership.

To check this policy – go to start –> run –> secpol.msc –> Local Policies –> User Rights Assignment

This is applicable to IIS 6.0 and IIS 7.0/7.5 (and should be other IIS version too) and for all resource types.

PS: Check this KB for default permission for IIS 6.0. This is more or less valid for IIS 7x as well.