PRB: "500 Internal Server" Error Message with Synchronous HTTP Receive Function

When a BizTalk Server HTTP receive function is configured to synchronously submit messages to BizTalk Server, the receive function may return a "500 Internal Server" error to the application that is sending messages to the server.

Typically, this error occurs because the user context of the BizTalk Server Interchange Application does not have enough credentials when the HTTP receive function invokes the Interchange Submit or the SubmitSync method. By default, the identity of the BizTalk Server Interchange Application is set to run as the Interactive User (currently logged on user) account. In this case, unless a user with the correct rights is actively logged on to the computer that is running BizTalk Server, the Submit and the SubmitSync methods of the BizTalk Server Interchange Application fail.

To resolve this problem, make sure that the BizTalk Server Interchange Application is configured to run under the context of an account that has the correct credentials to invoke the Submit and the SubmitSync methods of the BizTalk Server Interchange Application.

This behavior is by design.

To make sure that the account that is used for the identity of the BizTalk Server Interchange Application has the correct rights to invoke the Submit and the SubmitSync methods, follow these steps:

1. Modify the BizTalk Server Interchange Application COM+ Component to control who submits work items.
2. Add a new role to the BizTalk Server Interchange Application.
3. Associate the Submit and the SubmitSync methods with the new role.
4. Configure the BizTalk Server Interchange Application to run under the context of a particular user account.

Step 1: Modify the BizTalk Server Interchange Application COM+ Component to Control Who Submits Work Items

When you modify the BizTalk Server Interchange Application COM+ component, you can control which users are permitted to submit work items to BizTalk Server 2000. Because the BizTalk Server Interchange Application is a COM+ application, it uses several security configuration properties. For example:

• Authentication level
• Impersonation level
• Access permissions
• Launch permissions
• Configuration permissions

To control which users are permitted to submit work items, you must add a new role to the BizTalk Server Interchange Application and then associate that role with the Submit and the SubmitSync methods.

Step 2: Add a New Role to the BizTalk Server Interchange Application

1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
2. Expand the following nodes:
   • Component Services
   • My Computer
   • COM+ Applications
   
   
3. Right-click BizTalk Server Interchange Application, and then click Properties.
4. On the Advanced tab, under Permissions, click to clear the Disable changes check box, and then click OK.
5. Right-click BizTalk Server Interchange Application, and then click Properties again.
6. On the Security tab, under Authorization, click to select the Enforce access checks for this application check box.
7. Under Security level, click Perform access checks at the process and component level. Security property will be included on the object context. The COM+ security call context is available, and then click OK.
8. In the resultant dialog box, click Yes.
9. Under BizTalk Server Interchange Application, right-click Roles, point to New, and then click Role.
10. In the Roles dialog box, type Submit to name the role, and then click OK.
11. In the resultant dialog box, click Yes.
12. Expand the role that you created in step 10. Right-click Users, point to New, and then click User.
13. In the Select Users or Groups dialog box, type the name of the user, users, or groups that you want to add to this role, and then click OK.

NOTE: An icon appears in the Users folder for each user account or group that you assign to the role. The new role membership takes effect the next time that the application is started.

Step 3: Associate the Submit and SubmitSync Methods with the New Role

NOTE: You must create a new role for the BizTalk Server Interchange Application before you can associate the Submit and the SubmitSync methods with the role.

1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
2. Expand the following nodes:
   • Component Services
   • My Computer
   • COM+ Applications
   • BizTalk Server Interchange Application
   • Components
   • BizTalk.Interchange.1
   • Interfaces
   • IInterchange
   • Methods
   
   
3. Right-click Submit, and then click Properties.
4. On Security tab, under Roles explicitly set for selected item(s), click to select the check box for the new role that you created in the previous steps.
5. Right-click SubmitSync, and then click Properties.
6. On the Security tab, under Roles explicitly set for selected item(s), click to select the check box for the new role that you created in the previous steps.

Step 4: Configure the BizTalk Server Interchange Application to Run Under the Context of a Particular User Account

1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
2. Expand the following nodes:
   • Component Services
   • My Computer
   • COM+ Applications
   • BizTalk Server Interchange Application
   
   
3. Right-click BizTalk Server Interchange Application, and then click Properties.
4. On the Identity tab, click This user, and then type the user name and the password of an account that you have added to the Submit role that you created previously.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base: