Symptoms:

 

  1. When browsing to the site without specifying the default page name in the browser, we received a 500 error:

     

    HTTP ERROR 500.0 - Internal Server Error

    The page cannot be displayed because an internal server error has occurred

    AuthenticateRequest

    StaticFile

    0x80070542

     

 

 

  1. Failed request tracing for the http 500 response further elaborated the problem with this:

     

    Either a required impersonation level was not provided, or the provided impersonation level is invalid.  (0x80070542)

     

     

    This problem did not happen when using anonymous authentication on the site—only with Windows Integrated authentication.

     

  2. When browsing to the site and specifying the default page name in the browser, the page was served without the 500 error but much of the necessary content was missing.

 

 

Solution Steps:  

 

  1. Per http://support.microsoft.com/kb/981949 we added the local IIS_IUSRS group to a GPO that allowed that group to have "impersonate a client after authentication" as a user assignment right and applied the policy to the web server.   (We couldn't apply it in the local security policy directly in this case.)

     

 

 

 

 

  1. Per http://support.microsoft.com/kb/981949 we added IIS_IUSRS group to the D:\inetpub\wwwroot folder's NTFS permissions. 

     

  2. Ran GPUDATE and IISRESET.