UrlScan gotcha
The other day I was helping one of the new developers on our project get the code up and running (ASP.NET 2.0 project). When she brought up the web site in the browser, IIS kept returning the terse error message:
"The system cannot find the file specified"
I checked the IIS log and saw it was returning HTTP 404 (File not found), tried all the common tricks of clearning the download cache, deleting the temporary ASP.NET files, run aspnet_regiis.exe, checked folder ACLs…you get the idea! While poking around the %windir%\system32\inetsrv folder structure, I noticed that URLScan had been installed. This is of course a good security practice, but it gave the hint necessary to fix the problem. If you go to http://www.microsoft.com/technet/security/tools/urlscan.mspx and look at the urlscan.ini settings, the AllowDotInPath option was set to 0 (false). Per the documentation:
AllowDotInPath to 0 will cause UrlScan to reject any request where the file extension is ambiguous due to a dot-in-path condition.
Of course, our virtual directory had dots in it! Changing this setting to 1, and running IISRESET made everything right again.
Thankfully URLScan has a log file as well which I was able to see this request getting rejected on. I was surprised that there were few posts on this, so hopefully someone else finds this post useful and it saves another developer some valuable time!
jk