Watch your spaces - HTTP Error 500.19 - Internal Server Error

Late last week at the Day Job, a colleague came to me with a problem. The web service he was trying to hit was throwing an error he'd never seen before:

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

I'd never seen it before either, at least not in this exact incarnation. Take a look:

[Screenshot of the 500.19 error]

In case the text isn't so clear, here are the details:

Module: IpRestrictionModule
Notification: BeginRequest
Handler: WebServiceHandlerFactory-Integrated-4.0
Error Code: 0x80072af9
Requested URL: http://localhost:80/My.Virtual.Directory/Service.asmx
Physical Path: C:\inetpub\wwwroot\My.Virtual.Directory\Service.asmx
Logon Method: Not yet determined
Logon User: Not yet determined

The errors suggested that we had problems with the configuration file, but the web.config was present (and well-formed), and there were no obvious permission problems, so it seemed the file was being read. There was nothing in the event logs. Web searches yielded nothing that matched the 0x80072af9 error code or the description of the error. Even ERR.exe, recommended by "Troubleshooting HTTP 500.19 Errors in IIS 7", failed me.

Fortunately, there were sibling virtual directories on the server, and they were working fine, even under the same App Pool. I knew that this virtual directory, unlike the others, restricted access to a whitelist of IP addresses. So, I changed the security/ipSecurity node's allowUnlisted to true, just in case for some reason the clients' IP addresses weren't being detected properly. No change.

Frustrated, I removed the whole security node. The service worked!

So I took a closer look at the node:

<security>
  <ipSecurity allowUnlisted="false">
    <add ipAddress="127.0.0.1" allowed="true" />
    <add ipAddress="1.2.3.4 " allowed="true" />
  </ipSecurity>
</security>

Check out that "1.2.3.4" ipAddress. Now check it again. It's actually "1.2.3.4 ", with a space at the end. (I bolded the space there, just so you wouldn't miss it.) It seems that this messes up the IP parsing, and IIS is completely flummoxed. Remove the space, and all is well.
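A pre-deployment check for this failure, as an added example that is not from the original post: it parses the config XML and flags any ipSecurity entry whose address value carries stray whitespace or does not parse as an IP address. The function name `lint_ip_security` is hypothetical, and checking `subnetMask` alongside `ipAddress` goes beyond the single case in the post.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the ipSecurity node from the post, trailing space included.
SAMPLE = """<security>
  <ipSecurity allowUnlisted="false">
    <add ipAddress="127.0.0.1" allowed="true" />
    <add ipAddress="1.2.3.4 " allowed="true" />
  </ipSecurity>
</security>"""

# Attributes of <add> that are expected to hold a dotted/colon IP literal.
ADDRESS_ATTRS = ("ipAddress", "subnetMask")


def lint_ip_security(xml_text):
    """Return (attribute, raw_value, reason) for every suspect address value."""
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so a bare <ipSecurity> fragment works too.
    for ip_security in root.iter("ipSecurity"):
        for entry in ip_security.iter("add"):
            for attr in ADDRESS_ATTRS:
                raw = entry.get(attr)
                if raw is None:
                    continue
                # Report whitespace separately: it is invisible in most editors.
                if raw != raw.strip():
                    findings.append((attr, raw, "leading or trailing whitespace"))
                    continue
                try:
                    ipaddress.ip_address(raw)
                except ValueError:
                    findings.append((attr, raw, "not a valid IP address"))
    return findings


if __name__ == "__main__":
    for attr, raw, reason in lint_ip_security(SAMPLE):
        # repr() puts quotes around the value so the stray space is visible.
        print(f"{attr}={raw!r}: {reason}")
```
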