Folks, I double-checked everything you've all mentioned, except for implementing Failed Requests Tracing Rules because it's too hard.
I got down to running procmon.exe with an ACCESS DENIED filter on the file system and found failures on IIS APPPOOL\Classic .NET AppPool, which surprised me as a I'm not using it, I've set NETWORK SERVICE as my account. So something out of my control is causing this. I experimentally set Classic pool to use NETWORK SERVICE as well, but it triggered this bizarre error which is also out of my control: HTTP Error 500.21 - Internal Server Error Handler "Plesk_Handler_013215644" has a bad module "ManagedPipelineHandler" in its module list In theory I could just give modify permission to ApplicationPoolidentity where it needs it, but it doesn't appear in the file system security account lists. I don't know how to assign that account to permissions. Can you? What makes this whole problem so bad is that fact that I'm working on a weird GoDaddy server in Arizona. They have pre-loaded Win2008 with huge slabs of non-standard software, defaults, folders, services and accounts. If this was a vanilla Win2008 I would probably have had it working in 20 minutes. Greg
