IIS: HTTP Error 502.5 - ANCM Out-Of-Process Startup Failure

IIS: HTTP Error 502.5 - ANCM Out-Of-Process Startup Failure

Applies to: PowerShell Universal 1.4 or later

When configuring PowerShell Universal to run under IIS, you may be presented with an error that states ANCM Out-Of-Process Startup Failure. This error can be presented for a variety of reasons but the cause is that the PowerShell Universal server failed to communicate with IIS within a reasonable time. This article outlines various reasons for this error. 

1. Files are Blocked

The most common reason that users experience this problem is that files are blocked by Windows. Per the PowerShell Universal documentation, you should run the following command on the IIS application directory to unblock files.
Get-ChildItem -Recurse | Unblock-File
One problem with Unblock-File is that it may not present an error when it fails to unblock the files. You can validate the files are successfully unblocked by right clicking on the file and clicking Properties. If the file is blocked, you will see a dialog like this. 

If the file is unblocked, the Security section at the bottom of the dialog will no be present. You need to ensure that you are running with a privileged account if the files are located in a location that your user cannot access. 

2. Invalid Configuration

Invalid PowerShell Universal configuration can also cause this error. The server may stop and start due to invalid PS1 configuration files or invalid settings within the appsettings.json file. To ensure this isn't the case you can check the following logs. These are the default log locations.


Either of these logs may provide additional information as to the incorrect configuration. 

3. Permission Issues

When running in IIS, the PowerShell Universal server runs as the application pool account. If this account does not have access to the PowerShell Universal binaries or the default data paths, then the server will fail to start. Validate that you have either configured the appsettings.json settings to point to alternate data directories or that the application pool user has access to the following locations. 
  1. C:\inetpub\wwwroot (or website directory)
  2. C:\ProgramData\PowerShellUniversal
  3. C:\ProgramData\UniversalAutomation