You say the problem only happens for links that have a space in them - forgive me if I’m stating the obvious, but you do know that a url cannot contain spaces don’t you?
If you want to use phrases as part of a url, you should CHtml::encode them, and when you get them as a parameter in your action, decode them to get the original phrase (CHtml::decode will be available in Yii 1.1.8, but for now you’ll have to use htmlspecialchars_decode($text,ENT_QUOTES)).
I do have rewrite module install but there is no .htaccess in the "demo blog" so I would assume it does not require rewrite rule to be configure. Is that not correct?
Yes, the URL does not contain any "space" instead it has "+" in place of "space" but that is the same for using or not using URL manager but I think it is the issue with URL manager that produces an URL that contain "double escape sequence" that causes the security feature in IIS 7 to stop the code. The specific security feature that stop this double escape sequence is "allowDoubleEscaping" setting.
I tried to set "allowDoubleEscaping" to get around the issue but it only work for "localhost" but not for a full domain URL and plus it is not a good idea to disable security feature any way.
I did try that already and I know it works but the "+" is in the URL regardless of using URLManager or not. So the "+" in the URL is not the cause of the issue but rather, I think, is URLManager creating a URL that cause IIS to think it has violated the [color=#1C2837][size=2]"allowDoubleEscaping" security restriction.[/size][/color]
That is what I thought at first but when I was able to click on the same link without URLManger enable and IIS did not redirect to 404 so that tell me that in this case "+" is not the issue.