404.2 Error After a Windows Update

 

I got home last night (actually in the wii hours of the morning) and started watching movie trailers of the new Underworld film that is about to come out, when I heard Serval reboot herself; sign of an automatic Windows update.  I logged into Serval and started IE9, but my home page didn't come up and gave me a 404 error instead; page not found. I tried entering the full pathname of my home page, index.html and it popped right up. I checked the default page for my website and it was still index.html  I started checking out other possibilities but thought about the first time I had installed IIS 5.1; it required I type out the full path of the home page, but fixed itself after a few hours. I decided to sack out for the night and check on this in the morning.

My cat, Citron woke me up in the morning so I fed her and then checked on Serval; no change. I brought up the IIS 7.5 manager and clicked on browse, since that usually provides more detailed error messaging. I received a 404.2 error; unable to view the page because of ISAPI and/or CGI restrictions. I clicked on the computer icon in the Connections pane, went to the features view->IIS and clicked on ISAPI and CGI Restrictions, and in the Actions pane clicked on Open Feature.  There were several dll files that were set to not allowed, so I clicked on each one and in the Actions pane I clicked Allow. After all of that I restarted IIS 7.5, opened up a browser window and all of a sudden my home page popped up!

The Windows update was a security update, so it probably set some of my Allowed dlls to Not Allowed. This is a shotgun technique. What I should have done was enable the dlls one at a time and checked my browser after each reset.  After my home page appeared I should have started setting the dlls (all of them except the last one that brought my home page back to life) back to Not Allowed and checked my home page to make sure it was still there after each reset. If my home page became inaccessible again I'd have to reset the last dll I modified back to Allowed. Following this procedure I would have still kept the security implementation the Windows update was trying to achieve, yet keep my home page accessible to the world.

Of course there is a log file for this stuff, the failed request trace log, but I didn't see it in the folder when I checked (and yes, I had already enabled this logging). Maybe this security update screwed that up too. It's always nice to be able to look up errors in a log file, but the log files aren't always available. When there are no log files, a good error message is indispensable for troubleshooting. In this case the IIS 7.5 manager was able to guide me directly to the problem, and allowed me to perform a shotgun repair.

 

Back To My Blog Page