What do the various IIS error codes mean?

book

Article ID: 179727

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

Reviewing IIS logs you are seeing different return codes and would like to know what they mean.

Environment

ITMS 8.x

Resolution

IIS Status Codes

The following information was extracted from Microsoft KB article 318380.

Summary

When users try to access content on a server that is running Internet Information Services (IIS) through HTTP or File Transfer Protocol (FTP), IIS returns a numeric code that indicates the status of the request. This status code is recorded in the IIS log, and it may also be displayed in the Web browser or FTP client. The status code can indicate whether a particular request is successful or unsuccessful and can also reveal the exact reason why a request is unsuccessful.

Log File Locations

By default, IIS places its log files in %WINDIR\System32\Logfiles. This directory contains separate directories for each World Wide Web (WWW) and FTP site. By default, logs are created in the directories daily and are named with the date (for example, exYYMMDD.log).

HTTP

1xx - Informational

These status codes indicate a provisional response. The client should be prepared to receive one or more 1xx responses before receiving a regular response.

	100 - Continue.
	101 - Switching protocols.

2xx - Success

This class of status codes indicates that the server successfully accepted the client request.

	200 - OK. The client request has succeeded.
	201 - Created.
	202 - Accepted.
	203 - Non-authoritative information.
	204 - No content.
	205 - Reset content.
	206 - Partial content.

3xx - Redirection

The client browser must take more action to fulfill the request. For example, the browser may have to request a different page on the server or repeat the request by using a proxy server.

	301 - Moved Permanently
	302 - Object moved.
	304 - Not modified.
	307 - Temporary redirect.

4xx - Client Error

An error occurs, and the client appears to be at fault. For example, the client may request a page that does not exist, or the client may not provide valid authentication information.

400 - Bad request.

401 - Access denied. IIS defines a number of different 401 errors that indicate a more specific cause of the error. These specific error codes are displayed in the browser but are not displayed in the IIS log:

	401.1 - Logon failed.
	401.2 - Logon failed due to server configuration.
	401.3 - Unauthorized due to ACL on resource.
	401.4 - Authorization failed by filter.
	401.5 - Authorization failed by ISAPI/CGI application.
	401.7 – Access denied by URL authorization policy on the Web server. This error code is specific to IIS 6.0.

403 - Forbidden. IIS defines a number of different 403 errors that indicate a more specific cause of the error:

	403.1 - Execute access forbidden.
	403.2 - Read access forbidden.
	403.3 - Write access forbidden.
	403.4 - SSL required.
	403.5 - SSL 128 required.
	403.6 - IP address rejected.
	403.7 - Client certificate required.
	403.8 - Site access denied.
	403.9 - Too many users.
	403.10 - Invalid configuration.
	403.11 - Password change.
	403.12 - Mapper denied access.
	403.13 - Client certificate revoked.
	403.14 - Directory listing denied.
	403.15 - Client Access Licenses exceeded.
	403.16 - Client certificate is untrusted or invalid.
	403.17 - Client certificate has expired or is not yet valid.
	403.18 - Cannot execute requested URL in the current application pool. This error code is specific to IIS 6.0.
	403.19 - Cannot execute CGIs for the client in this application pool. This error code is specific to IIS 6.0.
	403.20 - Passport logon failed. This error code is specific to IIS 6.0.

404 - Not found.

	404.0 - (None) – File or directory not found.
	404.1 - Web site not accessible on the requested port.
	404.2 - Web service extension lockdown policy prevents this request.
	404.3 - MIME map policy prevents this request.

405 - HTTP verb used to access this page is not allowed (method not allowed.)

406 - Client browser does not accept the MIME type of the requested page.

407 - Proxy authentication required.

412 - Precondition failed.

413 – Request entity too large.

414 - Request-URI too long.

415 – Unsupported media type.

416 – Requested range not satisfiable.

417 – Execution failed.

423 – Locked error.

5xx - Server Error

The server cannot complete the request because it encounters an error.

500 - Internal server error.

	500.12 - Application is busy restarting on the Web server.
	500.13 - Web server is too busy.
	500.15 - Direct requests for Global.asa are not allowed.
	500.16 – UNC authorization credentials incorrect. This error code is specific to IIS 6.0.
	500.18 – URL authorization store cannot be opened. This error code is specific to IIS 6.0.
	500.100 - Internal ASP error.

501 - Header values specify a configuration that is not implemented.

502 - Web server received an invalid response while acting as a gateway or proxy.

	502.1 - CGI application timeout.
	502.2 - Error in CGI application.

503 - Service unavailable. This error code is specific to IIS 6.0.

504 - Gateway timeout.

505 - HTTP version not supported.

Common HTTP Status Codes and Their Causes

200 - Success. This status code indicates that IIS has successfully processed the request.

304 - Not Modified. The client requests a document that is already in its cache and the document has not been modified since it was cached. The client uses the cached copy of the document, instead of downloading it from the server.

401.1 - Logon failed. The logon attempt is unsuccessful, probably because of a user name or password that is not valid.

401.3 - Unauthorized due to ACL on resource. This indicates a problem with NTFS permissions. This error may occur even if the permissions are correct for the file that you are trying to access. For example, you see this error if the IUSR account does not have access to the C:\Winnt\System32\Inetsrv directory. For additional information about how to resolve this problem, click the following article number to view the article in the Microsoft Knowledge Base:

187506 (http://support.microsoft.com/kb/187506/) INFO: Basic NTFS permissions for IIS 4.0

403.1 - Execute access forbidden. The following are two common causes of this error message:

You do not have enough Execute permissions. For example, you may receive this error message if you try to access an ASP page in a directory where permissions are set to None, or you try to execute a CGI script in a directory with Scripts Only permissions. To modify the Execute permissions, right-click the directory in the Microsoft Management Console (MMC), click Properties, click the Directory tab, and make sure that the Execute Permissions setting is appropriate for the content that you are trying to access.

The script mapping for the file type that you are trying to execute is not set up to recognize the verb that you are using (for example, GET or POST). To verify this, right-click the directory in the MMC, click Properties, click the Directory tab, click Configuration, and verify that the script mapping for the appropriate file type is set up to allow the verb that you are using.

403.2 - Read access forbidden. Verify that you have set up IIS to allow Read access to the directory. Also, if you are using a default document, verify that the document exists. For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:

247677 (http://support.microsoft.com/kb/247677/EN-US/) Error Message: 403.2 Forbidden: Read Access Forbidden

403.3 - Write access forbidden. Verify that the IIS permissions and the NTFS permissions are set up to grant Write access to the directory. For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:

248072 (http://support.microsoft.com/kb/248072/EN-US/) Error Message: 403.3 Forbidden: Write Access Forbidden

403.4 - SSL required. Disable the Require secure channel option, or use HTTPS instead of HTTP to access the page. If you receive this error for a Web site that does not have a certificate installed, click the article number below to view the article in the Microsoft Knowledge Base:

224389 (http://support.microsoft.com/kb/224389/EN-US/) Err Msg: HTTP Error 403, 403.4, 403.5 Forbidden: SSL Required

403.5 - SSL 128 required. Disable the Require 128-bit encryption option, or use a browser that supports 128-bit encryption to view the page. If you receive this error for a Web site that does not have a certificate installed, click the article number below to view the article in the Microsoft Knowledge Base:

224389 (http://support.microsoft.com/kb/224389/EN-US/) Err Msg: HTTP Error 403, 403.4, 403.5 Forbidden: SSL Required

403.6 - IP address rejected. You have configured your server to deny access to your current IP address. For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:

248043 (http://support.microsoft.com/kb/248043/EN-US/) Error Message: 403.6 - Forbidden: IP Address Rejected

403.7 - Client certificate required. You have configured your server to require a certificate for client authentication, but you do not have a valid client certificate installed. For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

190004 (http://support.microsoft.com/kb/190004/EN-US/) Error 403.7 or 'Connection to Server Could Not Be Established'

186812 (http://support.microsoft.com/kb/186812/EN-US/) PRB: Error Message: 403.7 Forbidden: Client Certificate Required

403.8 - Site access denied. You have set up a domain name restriction for the domain that you are using to access your server. For additional information about how to resolve this problem, click the article number below to view the article in the Microsoft Knowledge Base:

248032 (http://support.microsoft.com/kb/248032/EN-US/) Error Message: Forbidden: Site Access Denied 403.8

403.9 - Too many users. The number of users who are connected to the server exceeds the connection limit that you have set. For additional information about how to change this limit, click the article number below to view the article in the Microsoft Knowledge Base:

248074 (http://support.microsoft.com/kb/248074/EN-US/) Error Message: Access Forbidden: Too Many Users Are Connected 403.9

NOTE: Microsoft Windows 2000 Professional and Microsoft Windows XP Professional automatically impose a 10-connection limit on IIS. You cannot change this limit.

403.12 - Mapper denied access. The page that you want to access requires a client certificate, but the user ID that is mapped to your client certificate has been denied access to the file. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

248075 (http://support.microsoft.com/kb/248075/EN-US/) Error: HTTP 403.12 - Access Forbidden: Mapper Denied Access

404 - Not found. This error may occur if the file that you are trying to access has been moved or deleted. It can also occur if you try to access a file that has a restricted file name extension after you install the URLScan tool. In this case, you see "Rejected by URLScan" in the log file entry for that request.

500 - Internal server error. You see this error message for a wide variety of server-side errors. Your event viewer logs may contain more information about why this error occurs. Additionally, you can disable friendly HTTP error messages to receive a detailed description of the error. For additional information about how to disable friendly HTTP error messages, click the article number below to view the article in the Microsoft Knowledge Base:

294807 (http://support.microsoft.com/kb/294807/EN-US/) HOWTO: Disable Internet Explorer 5 'Show Friendly HTTP Error Messages' Feature on the Server Side

500.12 - Application restarting. This indicates that you tried to load an ASP page while IIS was in the process of restarting the application. This message should disappear when you refresh the page. If you refresh the page and the message appears again, it may be caused by antivirus software that is scanning your Global.asa file. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

248013 (http://support.microsoft.com/kb/248013/EN-US/) Err Msg: HTTP Error 500-12 Application Restarting

500-100.ASP - ASP error. You receive this error message when you try to load an ASP page that has errors in the code. To obtain more specific information about the error, disable friendly HTTP error messages. By default, this error is only enabled on the default Web site.For additional information about how to see this error on non-default Web sites, click the article number below to view the article in the Microsoft Knowledge Base:

261200 (http://support.microsoft.com/kb/261200/EN-US/) HTTP 500 Error Message Displays Instead of ASP Error Message from 500-100.asp

502 - Bad gateway. You receive this error message when you try to run a CGI script that does not return a valid set of HTTP headers.

Feedback

thumb_up Yes

thumb_down No