Thanks for the suggestion. I'm not sure this is the problem. My understanding of the web.config section is that it either allows or denies access to a few HTTP actions.
The mutex, however created, is a system object that gets created with certain security attributes. When created by a windows service (IIS) the security attributes say "Unless you have system security defaults then you can't have MUTEX_ALL_ACCESS to this object". The mutex is a named mutex making it visible to any process that knows it's name. This is not a problem if I use the Win32 CreateMutex api with the appropriate security attributes. It's only an issue using the .NET frameworks Mutex object.