Http 500.19 Error after Removing WSUS

Today I removed WSUS from a 2016 Essentials server. The RWW web site and the Remote Desktop Gateway stopped working. Hours later, I finally found this article with the explanation and solution.

WSUS adds a custom compression module to IIS but does not remove it when you remove the WSUS role. The %WINDIR%\system32\inetsrv\config\applicationhost.config includes a reference to C:\Program Files\Update Services\WebServices\suscomp.dll. Following this article on uninstalling WSUS, I had deleted that folder, so the DLL was missing, leading to the 500.19 error.

The fix is to run this command (on one line) to remove the special WSUS “”xpress” section.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/httpCompression /-[name='xpress']

Then run iisreset to restart IIS.

More Details

When RWW or Remote Desktop Gateway is not working, the normal fix is to run the Repair wizard form Essentials’ Anywhere Access configuration. That continued to fail in the Verifying phase with these messages:

WSUS and IIS 1

I initially thought that those errors were due to the TLS hardening I recently completed, as discussed here. But backing out those changes (back to server defaults) did not resolve the issue.

I got the detailed 500.19 error by launching https://localhost from the Default Web Site within IIS. The specific error on that page was 0x8007007e, which this page accurately describes:  “This problem occurs because the ApplicationHost.config or Web.config file references a module or a DLL that is invalid or doesn’t exist.” It recommends using Failed Request Tracing to determine which module is the issue. This document has lots of info on Failed Request Tracing, but it was pretty easy to set up within IIS to trap 500 errors:

WSUS and IIS 2

Re-create the error, then right-click on one of the error files in C:\inetpub\logs\FailedReqLogFiles\W3SVC1 and choose to Open with Internet Explorer:

WSUS and IIS 3

WSUS and IIS 4

Here you’ll see that it’s the StaticCompressionModule and DynamicCompressionModule are not found. The confusing thing is that the referenced .dll files do exist, and seem to be configured correctly in IIS.

Finally I thought to Google “wsus uninstall DynamicCompressionModule”. The first link is Trevor Jones’ brilliant article, with the fix that I repeated above. Here’s a screen shot of the ApplicationHost.config with the offending WSUS reference (purple background):

WSUS and IIS 5

Once I applied that fix, RWW and the Remote Desktop Gateway started working again immediately. I re-applied the TLS hardening, rebooted, and the Anywhere Access Repair wizard completed without issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.