IIS 7 and Above
ApplicationPoolIdentity IIS 7.5 to SQL Server 2008 R2 not working.
Last post Jul 24, 2014 08:49 PM by abifarrah
Dec 30, 2010 04:12 PM|jambrose|LINK
I have a small ASP.NET test script that opens a connection to a SQL Server database on another machine in the domain. It isn't working in all cases.
IIS 7.5 under W2K8R2 trying to connect to a remote SQL Server 2008 R2 instance. All machines are in the same domain.
Using the ApplicationPoolIdentity for the web site it fails to connect to the SQL Server with the following:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
However if I switch the Process Model Identity to NETWORK SERVICE or my domain account the database connection is successful.
I've granted the <domain>\<machinename>$ access in SQL Server.
I am not doing any sort of authentication on the web site, it is just a simple script to open a connection to a database to make sure it works.
I have Anonymous Authentication enabled and set to use the Application pool identity.
How do I make this work? Why is the ApplicationPoolIdentity trying to use ANONYMOUS LOGON? Better yet, how do I make it stop using Anonymous logon?
SQL Server 2008 R2
Jan 02, 2011 03:32 PM|gaurav.singh|LINK
Jan 03, 2011 02:41 AM|Leo Tang - MSFT|LINK
By default, the application pools run with a unique identity based on the Application Pool name. Unlike a real user / domain user account, this new identity does not have a user profile. This is the reason that switch the Process Model Identity to NETWORK
SERVICE or your domain account the database connection is successful.
If you must use Anonymous Authentication, you can either switch the Process Model Identity to another account, set Anonymous Authentication to use a custom account or impersonate a user account in your application.
Jan 03, 2011 11:52 AM|jambrose|LINK
So is there no way to allow the Application Pool Identity to authenticate to the SQL Server?
Parts of the site will have database access, but not require a logged in user. I don't have a problem using a domain account to authenticate the web application to the SQL server, I was just hoping to use the new App Pool Identities.
Jan 03, 2011 02:53 PM|AxelD|LINK
Yes, it can be done. Here're the steps necessary:
Jan 03, 2011 03:53 PM|jambrose|LINK
I don't know that this will work seeing as the SQL Server isn't on the same box as the IIS Server. I think that the IIS AppPool\<apppoolname> is a local account correct? At any rate, I'm unable to add the IIS AppPool\<apppoolname> to SQL Server as a login.
I can add the machine for the remote web server from the sql server like so:
This doesn't seem to resolve the problem.
Jul 12, 2011 04:34 PM|maxisam|LINK
Hi there, I know this is kinda old. But does anyone figure this out ? I have the exactly same question.
Aug 21, 2011 04:04 PM|sprdaveaspnet|LINK
I have tried to CREATE "IIS APPPOOL\ASP.NET v4.0" just like the book I am reading says to do. And get this error:
"Create failed for login 'IIS APPPOOL\ASP.NET v4.0" "Windows NT user or group IIS APPPOOL\ASP.NET v4.0 not found. Check the name again.
I am using Windows 7 x64 and SQL Server 2008 develper.
I am new to SQL and IIS. What am I doing wrong? Do I need to set up something in IIS, so when I create the login, it can find it? I must just be missing some steps. SQL will not let me CREATE a login for IIS.
Aug 28, 2011 10:46 PM|stephena55|LINK
Sep 22, 2011 03:31 PM|korggy|LINK
Sep 29, 2011 06:50 PM|zacuke|LINK
Aug 02, 2012 10:27 PM|tanocarlo|LINK
Just if anyone is yet looking for this, the trick is to write down the IIS Application pool as it is when you add a new login. Don't search for it!!
More information here:
Jun 01, 2013 03:32 PM|lz12345|LINK
Sorry to bring up this old thread.
When following AxelD's steps in SQL Server 2012, I'm getting an error code 15401 - Create failed for Login 'IIS_APPPOOL\myAppPool'.
How should correct this error? Thank you!
Jun 03, 2013 03:54 AM|kctt|LINK
Do you use IIS and SQL on same server? The solution is not applicable when SQL runs on a different server.
Jun 03, 2013 01:52 PM|lz12345|LINK
They run in the same Windows 8 Pro x64.
Jul 24, 2014 08:49 PM|abifarrah|LINK
If this question is about how to execute _sp_send_dbmail in msdb database (using the SQL send Database Mail stored procedure in msdb), here is some work around.
Add the .net application user name of your database (which is define on your connection string in your .net app) to the msdb user with "DatabaseMailUserRole" role membership