Summary
Windows Authentication needs to be unlocked at the parent level
Symptoms
In App Portal when attempting to enable Windows Authentication in IIS manager for the ESD application, the following error may be encountered:
Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location with overrideMode="Deny" or the legacy allowOverride="false"
Cause
The Windows Authentiation section is locked for the Default Web Site.
Resolution
To unlock Windows Authentication at the Default Web Site level,
1. Using IIS manager, select Default Web Site under the Sites view
2. Under the Feature view, select Configuration Editor
3. In the Section field, select System.WebServer/Security/authentication/WindowsAuthentication
4. Select "Unlock Section"
You should now be able to enable Windows Authentication at the ESD application level.
Additional Information
If windows authentication is not enabled, then an exception will generally be displayed when accessing the App Portal site.. and exception similar to the following will typically be seen when windows authentication is not enabled:
Server Error in '/ESD' Application.Object reference not set to an instance of an object.[NullReferenceException: Object reference not set to an instance of an object.] SelfService.ESD.SidToHex(SecurityIdentifier sid) +16 SelfService.ESD.StartSession(Boolean bDoRedirect, String ImpersonatedAccount, String ImpersonatedComputer) +6172 ASP.default_aspx.Page_Load(Object sender, EventArgs e) +287 System.Web.UI.Control.LoadRecursive() +70 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3177