Application Pool Crashes when Process Identity is selected as Applica...
Sep 21, 2019 08:22 PM|PramodT
I am working on the migration of a web application from Windows 2008 R2 + IIS 7.5 to Windows 2016 R2 + IIS 10.
I am getting a 503 error when the web application is accessed, and the Application Pool crashes when Process Identity is selected as ApplicationPoolIdentity.
On analyzing the Windows Security event logs, I can see audit failures (event 4625). The message says "User not allowed to login at this computer". Here is the detailed message:
An account failed to log on.
Security ID: SYSTEM
Account Name: <HOSTNAME>$
Account Domain: DIR
Logon ID: 0x3E7
Logon Type: 5
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: QuestDev
Account Domain: IIS APPPOOL
Failure Reason: User not allowed to logon at this computer.
Sub Status: 0xC0000070
Caller Process ID: 0x2b48
Caller Process Name: C:\Windows\System32\svchost.exe
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
In the Event -> System logs I see the message "The identity of application pool QuestDev is invalid. ....." followed by "Application pool QuestDev has been disabled" followed by "Application pool QuestDev has been disabled"
The same application is working fine with Process Identity as ApplicationPoolIdentity on the source system (Windows 2008 R2 + IIS 7.5).
Is there a chance of ApplicationPoolIdentity getting corrupted? If so, how do I fix it? I tried searching the internet, but the workaround I mostly see is to change the Process Identity to NetworkService, which works fine for me as well, but that is not a fix, so
Sep 23, 2019 02:15 AM|Jalpa Panchal
Which kind of user is QuestDev? Are you using Windows authentication? Did you set the username and password of the user QuestDev?
Are you trying to access network resources or a file?
"The identity of application pool QuestDev is invalid. ....." followed by "Application pool QuestDev has been disabled" followed by "Application pool QuestDev has been disabled"
This error shows that your user does not have enough permission to access the site. You could try to give the user permission to the site folder.
Sep 24, 2019 02:41 PM|PramodT
Thanks for replying.
QuestDev is the Application pool name. I haven't created any explicit user with this name.
In the settings of this App Pool (QuestDev), I have selected the Process Identity as "ApplicationPoolIdentity" and it crashes with the message in the Event Viewer logs. However, if the Process Identity is selected as "Network service" it works; the pool doesn't crash.
I have tried giving full access to the IUSR user and QuestDev (Application Pool\QuestDev); the issue still remains the same.
The site hosted on IIS uses the Windows Authentication module, and I am getting issues with the Windows Authentication feature as well: the site accepts only the credentials configured on the hosting server, whereas it should allow login for all domain users.
Any further assistance is appreciated.
Sep 26, 2019 02:28 AM|Jalpa Panchal
Are you trying to use a network folder or file? After giving permission to the folder, did you restart IIS or the site? Is the Windows user from the Administrator group or from another group? Try to set the Windows user permission on the folder.
Sep 27, 2019 03:12 AM|PramodT
The site is stored locally on the server, so no access to any network drives/share.
I see the site folder has R/RW permissions to IIS_IUSRS. Tried restarting IIS as well, didn't help.
Yes, the Windows user is from the Administrator group and has all the required permissions/privileges.
Sep 27, 2019 03:29 AM|Jalpa Panchal
Try to give full access permission to IUSR and IIS_IUSRS.
Try to run the command below to get all the details of the application pool:
appcmd.exe list apppool defaultapppool /text:*
Oct 05, 2019 01:01 PM|PramodT
Thanks for assisting with the various checks.
The issue is resolved now.
The option HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\CrashOnAuditFail was set to 2 (Any user can log on if the computer can audit the events and write the events to the Security event log. If the Security event log is full, the value for the crashonauditfail key is changed to 2, and the computer crashes.).
It seems that there was a crash on the server and the system restricted access to non-admin accounts (set crashonauditfail to 2).
We have changed the DWORD (CrashOnAuditFail) value to 0, and after changing the registry value the issue has been resolved.
Here are the common symptoms we found on the VMs that had the same issue:
Hope it helps if someone has the same issue.
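A check for the condition described in the last post, added here as an example and not posted by anyone in the thread: it reads CrashOnAuditFail, reports the state of the Security log, and lists recent 4625 failures for IIS APPPOOL accounts. The function names and the 24-hour window are assumptions.

```powershell
# Added diagnostic example (not from the thread). Run elevated on the IIS host.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$meaning = @{
    0 = 'Off: the system keeps running when it cannot write audit events'
    1 = 'On: the system halts when it cannot write audit events'
    2 = 'Tripped: the system halted on an audit failure; only administrators can log on'
}

function Get-CrashOnAuditFailState {
    # An absent value is treated here as 0.
    $prop  = Get-ItemProperty -Path $lsaKey -Name CrashOnAuditFail -ErrorAction SilentlyContinue
    $value = if ($null -eq $prop) { 0 } else { [int]$prop.CrashOnAuditFail }
    $log   = Get-WinEvent -ListLog Security
    [pscustomobject]@{
        CrashOnAuditFail = $value
        Meaning          = $meaning[$value]
        SecurityLogMode  = $log.LogMode      # Circular, Retain or AutoBackup
        SecurityLogFull  = $log.IsLogFull
    }
}

function Get-AppPoolLogonFailure {
    param([int]$Hours = 24)   # look-back window, an assumption
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Index the named EventData fields of the 4625 record.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetDomainName'] -eq 'IIS APPPOOL') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                AppPool   = $data['TargetUserName']
                LogonType = $data['LogonType']
                SubStatus = $data['SubStatus']
            }
        }
    }
}

$state    = Get-CrashOnAuditFailState
$failures = @(Get-AppPoolLogonFailure -Hours 24)
$state | Format-List
$failures | Sort-Object Time -Descending | Select-Object -First 10 | Format-Table -AutoSize
if ($state.CrashOnAuditFail -eq 2 -and $failures.Count -gt 0) {
    Write-Warning 'CrashOnAuditFail is 2 and app pool identities fail to log on, as in this thread.'
}
```

Setting the value to 0, as in the thread, leaves the halt-on-audit-failure behaviour off; where policy requires it, the value is set back to 1 once the Security log has been archived or cleared.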