Problem:
Our security team made changes to IIS to harden it further.
When the CA SDM web interface was accessed, we got an 'http 500.19.180' error.
Opening the web.config file in $NX_Root\bopcfg\www\wwwroot in any text editor shows that the IIS changes updated it.
For example:
</system.webServer>
<system.web>
<trust level="Full" />
</system.web>
To make the system work again, we had to copy the web.config file from a different web server and recycle the CA SDM services.
Resolution:
This web.config file holds information on security, require_secure_logon and require_secure_connection.
This file provides a backup in case IIS settings are changed without consent from the Service Desk/Knowledge Tools administrator.
IIS owns the web application, which is the wwwroot folder, and the web.config file is used by IIS. So when IIS is updated, it could have added some characters to the file that resulted in the 500 errors.
It is better to rename or copy this file before making changes in IIS, so that even if it is overwritten we have a safe copy of it.
As a precautionary measure, we should always have a backup of the system before making security changes to IIS.
Service Desk doesn't control what IIS updates in the web.config file.
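One way to take that safe copy and check the file after an IIS change, as an added example that is not part of the original article or of CA SDM. It assumes the NX_ROOT environment variable points at the install directory; the backup folder name and the -Mode parameter are hypothetical.

```powershell
# Added example. Run with -Mode Backup before the IIS change, then with
# -Mode Verify afterwards. NX_ROOT and the backup folder are assumptions.
param(
    [ValidateSet('Backup', 'Verify')] [string]$Mode = 'Verify',
    [string]$WebRoot   = (Join-Path $env:NX_ROOT 'bopcfg\www\wwwroot'),
    [string]$BackupDir = (Join-Path $env:NX_ROOT 'bopcfg\www\webconfig_backup')  # hypothetical
)
$config   = Join-Path $WebRoot   'web.config'
$baseline = Join-Path $BackupDir 'web.config.baseline'
$hashFile = Join-Path $BackupDir 'web.config.sha256'

if ($Mode -eq 'Backup') {
    # Keep a copy of the known-good file plus its SHA-256 hash.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Copy-Item -LiteralPath $config -Destination $baseline -Force
    (Get-FileHash -LiteralPath $baseline -Algorithm SHA256).Hash |
        Set-Content -LiteralPath $hashFile
    Write-Output "Baseline saved to $baseline"
    return
}

# Verify: compare the live file with the recorded hash.
$expected = (Get-Content -LiteralPath $hashFile -TotalCount 1).Trim()
$actual   = (Get-FileHash -LiteralPath $config -Algorithm SHA256).Hash
if ($actual -eq $expected) { Write-Output 'web.config unchanged'; return }

Write-Warning 'web.config differs from the baseline:'
# '=>' marks lines only in the live file, '<=' lines only in the baseline.
Compare-Object (Get-Content -LiteralPath $baseline) (Get-Content -LiteralPath $config) |
    Format-Table SideIndicator, InputObject -AutoSize | Out-String | Write-Output

try {
    # The [xml] cast throws if the file is no longer well-formed XML.
    [xml](Get-Content -LiteralPath $config -Raw) | Out-Null
    Write-Output 'File is still well-formed XML; review the differences above.'
} catch {
    Write-Warning "File is not well-formed XML: $($_.Exception.Message)"
    # Keep the changed file for review instead of discarding it.
    $stamp = Get-Date -Format yyyyMMddHHmmss
    Copy-Item -LiteralPath $config -Destination "$config.changed-$stamp"
    Write-Output "Restore with: Copy-Item '$baseline' '$config' -Force"
    Write-Output 'Then recycle the CA SDM services.'
}
```

A file can pass the well-formedness check and still be rejected by IIS, so treat the diff against the baseline as the primary signal.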