IIS: HTTP Error 502.5 - ANCM Out-Of-Process Startup Failure

IIS: HTTP Error 502.5 - ANCM Out-Of-Process Startup Failure

Applies to: PowerShell Universal 1.4 or later

When configuring PowerShell Universal to run under IIS, you may be presented with an error that states ANCM Out-Of-Process Startup Failure. This error can be presented for a variety of reasons but the cause is that the PowerShell Universal server failed to communicate with IIS within a reasonable time. This article outlines various reasons for this error. 

1. Files are Blocked

The most common reason that users experience this problem is that files are blocked by Windows. Per the PowerShell Universal documentation, you should run the following command on the IIS application directory to unblock files.
Get-ChildItem -Recurse | Unblock-File
One problem with Unblock-File is that it may not present an error when it fails to unblock the files. You can validate the files are successfully unblocked by right clicking on the file and clicking Properties. If the file is blocked, you will see a dialog like this. 

If the file is unblocked, the Security section at the bottom of the dialog will no be present. You need to ensure that you are running with a privileged account if the files are located in a location that your user cannot access. 

2. Invalid Configuration

Invalid PowerShell Universal configuration can also cause this error. The server may stop and start due to invalid PS1 configuration files or invalid settings within the appsettings.json file. To ensure this isn't the case you can check the following logs. These are the default log locations.


Either of these logs may provide additional information as to the incorrect configuration. 

3. Permission Issues

When running in IIS, the PowerShell Universal server runs as the application pool account. If this account does not have access to the PowerShell Universal binaries or the default data paths, then the server will fail to start. Validate that you have either configured the appsettings.json settings to point to alternate data directories or that the application pool user has access to the following locations. 
  1. C:\inetpub\wwwroot (or website directory)
  2. C:\ProgramData\PowerShellUniversal
  3. C:\ProgramData\UniversalAutomation

    • Related Articles

    • KB0042 - HTTP Error 500.19 - internal server error 0x8007000d

      Problem When trying to browse your instance of PowerShell Universal (running on IIS under Windows Server via the ZIP install of PowerShell Universal [1] ) you receive HTTP Error 500.19 - Internal Server Error with error code 0x8007000d Cause You may ...
    • KB0026 - Authentication failure when connecting to BitBucket using a HTTP Access Token

      Applicability This article applies to any version of PowerShell Universal with git sync enabled. Symptom When attempting to synchronize with a BitBucket git repository using a HTTP Access Token generated from the BitBucket repository, it fails to ...
    • KB0069 - PowerShell Universal Startup Process

      Purpose The purpose of this document is to outline the steps that PowerShell Universal takes when starting up. Process 1. Insert current product version and install date in database Updates the database with a record about the current product version ...
    • KB0052 - Collecting IIS Application Pool Recycle Events

      Purpose The purpose of this document is to provide information on how to collect IIS Application Pool recycle events. Application Pool recycling can be problematic for PowerShell Universal servers. Walk Through By default, only three of the eight ...
    • OpenID Connect does not work with HTTP

      Version: Any Problem: When configuring PowerShell Universal OpenID Connect authentication, the server will return a 500 error when attempting to authenticate.  Root Cause Chrome 80 introduced new settings that require cross-site cookies to be secure. ...