Sometimes Identity Server will just give an Error 500. Not a lot of information to work with.
First, some simple triage steps to determine how bad it really is
- Have you (or someone that you know) recently changed anything? Take a minute to ask around. Does anyone have permissions to change stuff, but might have problems remembering stuff or maybe has problems admitting when they eff things up really bad? Don’t put that person in the hospital until you find out what they did, so it can be undone.
- If you are using load-balanced servers, check each individual machine directly (by IP address or name, not through the load balancer)
- Restart the server(s)
- You can get more information from the server but ONLY DO THIS FOR A FEW MINUTES AND THEN UNDO IT because it will show a lot of diagnostic information and that sort of thing is very dangerous in a production environment, especially on a server that is being used for identity and security management! You have been warned. On each server, go to the web directory where Identity Server is installed. Find the file called web.config. Make a backup of that file. Open notepad.exe with full admin permissions, use notepad to edit the web.config file. Search the file for an xml block that says <customErrors mode=”RemoteOnly”/>. Change that to mode=”Off” (it is very case-sensitive, so be sure to use a capital O in Off). Now you will get a much more descriptive error. Please fix the problem and set that customError mode back to mode=”RemoteOnly” or “On” (whatever it was before you changed it).
If restarting app pools doesn’t work and rebooting doesn’t work either, then your servers might be hosed.
Here are some things that you can try to un-hose them:
*** before you do anything, make a backup of your DB ***
- Use the current (one) working server to change your settings to something that will work for all of your servers.
a. For instance, if you are changing to a different key, be sure that the new key is installed on ALL of your identity servers AND the key is readable.
b. Double-check, to make sure
- Restore your most-recent DB backup. If your most recent backup is really really old, then you still can restore your old backup and copy your newer values into it by restoring your (hosed) DB to another (dev) server, and using SSMS to copying values/settings from the newer/broken DB to the older/working DB.
- If you don’t have a backup. Please make an oath, from this day forward, to always make backups before and after you make a change to your Identity Server. Now, go into the DB and look at each of the tables. Some of them will have values that look familiar, because the names match different screens in the Admin interface. Change the values to something that you believe will get the server working again. I can’t really tell you which exact ones to change, because I don’t know what was on your server before you broke it.
*** After you make changes in the admin interface or in the database, you must restart Identity Server on each machine ***
*** After you make changes, ALWAYS confirm that each/every machine is working by going directly to that machine (not through the load balancer) ***
Also, after you get everything working, make a backup and keep it in a safe place. Now, if you ever get another Error 500, you can always revert to the backup of this working version.