IIS Admin Service cannot start with error 0x80004015

 

Symptom:

 

IIS Admin Service cannot start. IIS manager shows a blank window.

It throws error code 0x80004015, "The class is configured to run as a security id different from the caller", when starting the service.

 

Troubleshooting:

And error is found in event log when starting IIS admin service.

Event Type: Error

Event Source: W3SVC

Event ID: 1036

Description:

A failure occurred while initializing the configuration manager for the World Wide Web Publishing Service. The data field contains the error number.

Data:

0000: 80070005

The error code 80070005 means “Access Denied”.

 

Together there are other errors in the event log, for example

Event Type: Error

Event Source: CryptSvc

Event ID: 512

Description:

The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:

System Writer object failed to subscribe to VSS.

System Error:

Catastrophic failure

No file system or registry “access denied” error can be captured by Process Monitor.

 

Check the services and compare the status/startup to a default system.

The following services are all in running status:

· Remote Procedure call

· Secondary Logon

· Distributed Transaction Coordinator

· DCOM Server Process Launcher

 

 

Solution:

The issue was resolved after we added the "SERVICE" and "Administrators" accounts back to the "Impersonate a Client after Authentication" setting and rebooted the server.

1. Start -> Run -> GPEDIT.MSC.

2. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.

3. Double-click 'Impersonate a client after authentication'.

4. Make sure that at least Administrators and SERVICE exist. If not add them and restart.

 

Regards,

 

Juntao