Running IIS6 App Pools under a Domain account Identity

Recently we changed the Identity of an App Pool in IIS 6, from Network Service to a Domain account. Soon after recycling the App Pool, we started seeing some issues.

As soon as we started the App Pool, the following warning was logged in the System section of Event Viewer:

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1021
Date:        6/22/2009
Time:        11:16:26 PM
User:        N/A
Computer:    <ComputerName>
Description:
The identity of application pool, 'MyAppPool' is invalid.  If it remains invalid when the first request for the application pool is processed, the application pool will be disabled.  The data field contains the error number.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: 69 05 07 80               i..

And when the Web Application which was using this App Pool was accessed, the App Pool stopped, logging these warnings/errors in Event Viewer:

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1057
Date:        6/22/2009
Time:        11:16:39 PM
User:        N/A
Computer:    <ComputerName>
Description:
The identity of application pool 'MyAppPool' is invalid, so the World Wide Web Publishing Service can not create a worker process to serve the application pool.  Therefore, the application pool has been disabled.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.

Event Type:    Error
Event Source:    W3SVC
Event Category:    None
Event ID:    1059
Date:        6/22/2009
Time:        11:16:39 PM
User:        N/A
Computer:    <ComputerName>
Description:
A failure was encountered while launching the process serving application pool 'MyAppPool'. The application pool has been disabled.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.

So, here’s what you need to do if you are switching the identity of an IIS App Pool to run under a Domain Account, unless you love seeing the errors above :)

1. Add the Domain Account to the IIS_WPG group on the machine running IIS.
(This is the worker process group, which contains the accounts allowed to run the IIS worker process.)

2. Go to Start > Run, type secpol.msc and click OK. The Local Security Settings console will open. Under Security Settings, expand Local Policies and click User Rights Assignment. Double-click Log on as a service in the right pane. Add the domain account if it is not already listed. Click OK and exit the console.
(This enables the domain account to register a process as a service.)

You are all set to run your web application now :)
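
A read-only way to confirm both steps before recycling the App Pool, and to decode the Data bytes shown in event 1021, as an added PowerShell example that is not part of the original post. The account name `CONTOSO\svc-apppool` and the temp file name are placeholders; run it from an elevated prompt on the machine running IIS.

```powershell
# Added example (not from the original post). Read-only: it changes no settings.
# 'CONTOSO\svc-apppool' is a placeholder account name.
param([string]$Account = 'CONTOSO\svc-apppool')

# Decode the Data field of event 1021: a little-endian DWORD holding an HRESULT.
$data    = [byte[]](0x69, 0x05, 0x07, 0x80)        # bytes as shown in the event
$hresult = [BitConverter]::ToUInt32($data, 0)       # 0x80070569, facility 7 (Win32)
$win32   = [int]($hresult -band 0xFFFF)             # low 16 bits: Win32 error 1385
$text    = (New-Object System.ComponentModel.Win32Exception($win32)).Message
'HRESULT 0x{0:X8} = Win32 error {1}: {2}' -f $hresult, $win32, $text

# Step 1: is the account listed in the local IIS_WPG group?
$members = net localgroup IIS_WPG | ForEach-Object { $_.Trim() }
$inGroup = $members -contains $Account

# Step 2: is the account granted "Log on as a service" (SeServiceLogonRight)?
# secedit exports the user rights as an INF file; grantees appear as *SID or name.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
$inf = Join-Path $env:TEMP 'user-rights-check.inf'  # placeholder file name
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$line = Get-Content $inf |
    Where-Object { $_ -match '^SeServiceLogonRight\s*=' } |
    Select-Object -First 1
Remove-Item $inf

$grantees = @()
if ($line) {
    $grantees = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$hasRight = ($grantees -contains $sid) -or ($grantees -contains $Account)

# Only direct entries are detected; membership or rights inherited through
# another group will show as False here.
"In IIS_WPG (direct member):         $inGroup"
"Log on as a service (direct grant): $hasRight"
```

The decoded value, Win32 error 1385 (ERROR_LOGON_TYPE_NOT_GRANTED), says the account was refused the logon type it asked for, which is why the fix is a group membership and a user right rather than a password change.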

Comments

  • Anonymous
    May 18, 2011
    After doing what's written here I can't start the service and got error: Error 5: access is denied

  • Anonymous
    May 18, 2011
    Hi Maor, can you list the version of IIS and OS you are using? Also, can you check the Event Viewer for a detailed log? Thanks, Sidharth

  • Anonymous
    September 19, 2011
    Many thanks :)

  • Anonymous
    January 20, 2012
    Also need to add user to IIS_WPG group

  • Anonymous
    January 29, 2012
    Thanks for the to-the-point resolution!

  • Anonymous
    March 07, 2012
    Thanks a lot!! Great help!!

  • Anonymous
    February 11, 2013
    I have the same issue, and the solution above didn't solve it for me. I have the account in IIS_WPG, I have run the aspnet_regiis -ga Domain/User command, I have verified the password is correct, I verified that the permissions on the folder are correct. I have verified the local policies are correct. Nothing has solved our problems...

  • Anonymous
    November 14, 2013
    Worked like a charm.  Thanks!

  • Anonymous
    November 14, 2013
    Glad that it helped you

  • Anonymous
    February 19, 2014
    After doing these steps, I got error service unavailable. Anyone help?