1. When browsing to the site without specifying the default page name in the browser, we received a 500 error:


    HTTP ERROR 500.0 - Internal Server Error

    The page cannot be displayed because an internal server error has occurred







  1. Failed request tracing for the http 500 response further elaborated the problem with this:


    Either a required impersonation level was not provided, or the provided impersonation level is invalid.  (0x80070542)



    This problem did not happen when using anonymous authentication on the site—only with Windows Integrated authentication.


  2. When browsing to the site and specifying the default page name in the browser, the page was served without the 500 error but much of the necessary content was missing.



Solution Steps:  


  1. Per we added the local IIS_IUSRS group to a GPO that allowed that group to have "impersonate a client after authentication" as a user assignment right and applied the policy to the web server.   (We couldn't apply it in the local security policy directly in this case.)






  1. Per we added IIS_IUSRS group to the D:\inetpub\wwwroot folder's NTFS permissions.