Showing results for 
Show  only  | Search instead for 
Did you mean: 


Windows Authentication needs to be unlocked at the parent level


In App Portal when attempting to enable Windows Authentication in IIS manager for the ESD application, the following error may be encountered:

Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location with overrideMode="Deny" or the legacy allowOverride="false"

Authentication error


The Windows Authentiation section is locked for the Default Web Site.


To unlock Windows Authentication at the Default Web Site level,
1. Using IIS manager, select Default Web Site under the Sites view
2. Under the Feature view, select Configuration Editor
3. In the Section field, select System.WebServer/Security/authentication/WindowsAuthentication
4. Select "Unlock Section"

You should now be able to enable Windows Authentication at the ESD application level.

Additional Information

If windows authentication is not enabled, then an exception will generally be displayed when accessing the App Portal site.. and exception similar to the following will typically be seen when windows authentication is not enabled:

Server Error in '/ESD' Application.
Object reference not set to an instance of an object.

[NullReferenceException: Object reference not set to an instance of an object.] SelfService.ESD.SidToHex(SecurityIdentifier sid) +16 SelfService.ESD.StartSession(Boolean bDoRedirect, String ImpersonatedAccount, String ImpersonatedComputer) +6172 ASP.default_aspx.Page_Load(Object sender, EventArgs e) +287 System.Web.UI.Control.LoadRecursive() +70 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3177
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Oct 19, 2018 04:36 PM
Updated by: