question

We're using a third party Javascript plugin to connect to SSAS through an msmdpump.dll endpoint to display reporting data. We're having trouble with our msmdpump.dll connection due to CORS errors.

Event Viewer log:

 The description for Event ID 25 from source MSOLAP ISAPI Extension: \\?\C:\inetpub\wwwroot\OLAP\msmdpump.dll cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
    
 If the event originated on another computer, the display information had to be saved with the event.
    
 The following information was included with the event: 
    
 msmdsrv.rll
 3081
    
 The message resource is present but the message was not found in the message table

IIS Failed Request Logs:

 <failedRequest url="http://localhost:80/olap/msmdpump.dll"
                siteId="1"
                appPoolId="OLAP"
                processId="47036"
                verb="OPTIONS"
                remoteUserName=""
                userName=""
                tokenUserName="IIS APPPOOL\OLAP"
                authenticationType="anonymous"
                activityId="{800002ED-0005-A000-B63F-84710C7967BB}"
                failureReason="STATUS_CODE"
                statusCode="500"
                triggerStatusCode="500"
                timeTaken="47"
                xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
                >

The plugin can connect to the provider's demo msmdpump.dll just fine so I'm assuming it's our IIS configuration.

I've tried to follow documentation to setup CORS in IIS and many error solutions around but they haven't helped.
https://docs.microsoft.com/en-us/analysis-services/instances/configure-http-access-to-analysis-services-on-iis-8-0?view=asallproducts-allversions
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSPreflightDidNotSucceed

Our configuration is as follows:
- IIS Website: http://localhost/OLAP/msmdpump.dll
- IIS Website: http://localhost/PluginApp
- IIS websites use Anonymous Authentication
- IIS Application pool: OLAP runs in Classic mode
- IIS Handler mapping configured for msmdpump.dll
- Using same version of msmdpump.dll as the SSAS cube
- Http only on client and server (for testing)
- SSAS and IIS websites all reside on one machine (for testing)
- SSAS cube configures roles for the AppPool user

AppPool

Handler Mapping

web.config for http://localhost/OLAP:

 <?xml version="1.0" encoding="UTF-8"?>
 <configuration>
   <system.webServer>
     <handlers>
       <add name="OLAP" path="msmdpump.dll" verb="*" modules="IsapiModule" scriptProcessor="C:\inetpub\wwwroot\OLAP\msmdpump.dll" resourceType="File" requireAccess="Script" preCondition="bitness64" />   
       <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
       <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
       <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
       <remove name="WebDav" />
       <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
       <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
       <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
       <remove name="OPTIONSVerbHandler" />
       <add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
       </handlers>
     <defaultDocument enabled="true">
       <files>
         <add value="msmdpump.dll" />
       </files>
     </defaultDocument>
  <security>
  <authorization>
  <remove users="*" roles="" verbs="" />
  <add accessType="Allow" users="?" verbs="OPTIONS" />
  <add accessType="Allow" users="" roles="USERS" />
  </authorization>
  <requestFiltering>
  <verbs allowUnlisted="true" applyToWebDAV="true">
    <remove verb="OPTIONS"/>
    <add verb="OPTIONS" allowed="true"/>
  </verbs>
  </requestFiltering>
  </security>
  <httpProtocol>
    <customHeaders>
   <add name="Access-Control-Allow-Origin" value="*" />
   <add name="Access-Control-Allow-Credentials" value="true" /
   <add name="Access-Control-Allow-Methods" value="POST, OPTIONS" />
   <add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Accept, Authorization" />
    </customHeaders>
  </httpProtocol> 
   </system.webServer>
 </configuration>

Are we missing something in our configuration? Are the CORS settings located in the right web.config? Is there a way I can diagnose the underlying 500 error?