HELP! Changed Application Pool Identity Service Unavailable

  • Thread starter Thread starter Joseph Geretz
  • Start date Start date
J

Joseph Geretz

I created a new Application Pool for my ASP.NET application since I want it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
 
hi, could it be that you are using the same application pool with
different versions of asp.net? e.g. 1.1 and 2.0?
this error happens in this scenario.
tim
 
I created a new Application Pool for my ASP.NET application since I want it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
Click to expand...

I am 90% sure that you must allow the user to "Log on as a service".

Start -> Administrative Tools -> Local Security Policy
Security Settings -> Local Policies -> User Rights Assignment -> Log
On As A Service
Add your user to this list.

Hopefully this works!

Norm
 
I think ASP.NET actually requires "log on as a batch job". Normally, the
best way to use a non-standard ID as an app pool identity under IIS 6 is to
add it to the local IIS_WPG group as the ACLs and policies required to run a
worker process are usually configured to include this group when IIS is
installed.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
I created a new Application Pool for my ASP.NET application since I want
it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound
because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page
hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
Click to expand...

I am 90% sure that you must allow the user to "Log on as a service".

Start -> Administrative Tools -> Local Security Policy
Security Settings -> Local Policies -> User Rights Assignment -> Log
On As A Service
Add your user to this list.

Hopefully this works!

Norm
 
Back
Top