Internet Information Services
Microsoft web server software.
1,622 questions
IIS 10.0 will not allow an application pool identity to be set to a valid service account on .NET482. How do I fix this?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 96%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETD%3C/text%3E%3C/svg%3E)
Timothy Dooling
25
Reputation points
I have a series of production websites that are currently running 4.6 with IIS 10. I can set the application pool identity to an internal service account. I can also set WCF services to that service account.
On my development and test servers, which are running net48 with IIS 10, the IIS will not allow me to set the application pool with the same service account although I can set WCF services to that same account and it works in all other contexts.
I also can't set the application pool to my own Active Directory login, so it's not the service account. In both cases (service and personal AD account), the IIS interface says the password is incorrect.
On the development server, I can modify the applicationHost.config file to paste the information in from an account that works on the same server, but that doesn't work on my test server or any of my laptops running either Windows 10 or 11 with .NET Framework 4.8+ enabled or my test server.
When I do this on the IIS 10 with 4.8, IIS hangs and the application pool is shut down eventually.
I have tried to check the configurations (roles and features) to ensure the configuration of the system matches that of the working production server with net46, but it doesn't seem to be a configuration issue as far as I can identify although I am sure it involves how IIS handles encryption using 4.8 vs 4.6.
The way my applications work, I need to be able to set the application pool identity to a service account.
Has anyone encountered with problem before, and, if so, is there a solution to this problem?
Internet Information Services
.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,559 questions
{count} votes
-
MotoX80 32,551 Reputation points2024-06-03T15:15:37.69+00:00 What error does the IIS manager display?
-
Lex Li (Microsoft) 5,157 Reputation points Microsoft Employee2024-06-04T12:42:29.9066667+00:00 Account logins are controlled by Windows and Active Directory. Thus, you should talk to your domain administrators and learn what’s wrong from them.
-
Timothy Dooling 25 Reputation points
2024-06-04T15:00:29.0066667+00:00 The IIS displays an incorrect username/password combination.
I have already isolated the problem to IIS.
The AD logins for all other logins works as they are supposed to except when I try to enter the information as the application pool identity.
As I mentioned above, I can enter the username/password combination in a WCF service on the same server without a problem and the services involved run as expected.
The problem is an IIS issue of some sort.
-
MotoX80 32,551 Reputation points
2024-06-04T15:08:37.6166667+00:00 Check the security eventlog for errors.
Open a command prompt and use runas.exe to launch cmd.exe as that account.
Also add that account to the IIS_IUSRS group.
-
Timothy Dooling 25 Reputation points
2024-06-04T15:31:52.83+00:00 It launched cmd.exe when I used runas.exe with the username and password without error.
The account has been working under IIS for over 15 years from IIS 7 to the present on the production server.
I don't believe whether it is in the IIS_IUSRS group would be the issue unless there has been a change in IIS under .NET48
-
MotoX80 32,551 Reputation points
2024-06-04T16:13:01.02+00:00 I would think that .Net would only get involved after IIS launched the worker process as that account. And it should not impact the IIS management console when it comes to defining app pools.
Create a test app pool and set it to .Net 2 or 4.0 or no managed code.
See if you can add the user and start the app pool.
-
MotoX80 32,551 Reputation points
2024-06-05T11:32:16.8633333+00:00 On the development server, I can modify the applicationHost.config file to paste the information in from an account that works on the same server, but that doesn't work on my test server or any of my laptops
Set the account using the IIS management console, appcmd.exe, or the Powershell web administration cmdlet's.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Sam Wu-MSFT 7,136 Reputation points Microsoft Vendor2024-06-10T10:09:12.7833333+00:00 Please check whether the account in your application pool has sufficient permissions.
-
Sam Wu-MSFT 7,136 Reputation points Microsoft Vendor
2024-06-14T07:40:01.9766667+00:00 @Timothy Dooling Do you still meet this issue? If so, could you please share more detailed information account permissions, I am looking forward to seeing your message.
Sign in to comment
1 answer
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more