IIS Changes Updated web.config file in CA SDM

book

Article ID: 37588

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction

Problem:

Our Security team made security changes to IIS to secure IIS further.

When CA SDM web interface was access we got 'http 500.19.180' error.

We can see that IIS changes updated web.config file in $NX_Root\bopcfg\www\wwwroot via any text editor.

For Example:

</system.webServer> 

<system.web> 

<trust level="Full" /> 

</system.web> 

To make the system work again we had to copy the web.config file from a different web server and recycled the CA SDM services. 

Resolution:

This web.config file hold information on security, require_secure_logon & require_secure_connection. 

This file provides a backup in case IIS settings are changed without consent from the Service Desk/Knowledge Tools administrator. 

IIS owns the web applications which is wwwroot folder. Web.config file is being used by IIS. So when IIS is updated it could have added some characters to the file that resulted in 500 errors. 

It is better to rename this file or just copy this file before making changes in IIS so even if it is overwritten we have safe copy of it. 

As a precautionary measure we should always have backup of the system before making security changes to IIS.

Service Desk doesn't control what is updated by IIS in web.config file.

Environment

Release: SDMU0M99000-14.1-Service Desk Manager-Full License
Component: