Running IIS6 App Pools under a Domain account Identity


Recently we changed the Identity of an App Pool in IIS 6, from Network Service to a Domain account. Soon after recycling the App Pool, we started seeing some issues.

As soon as we started the App Pool, the following warning was logged in the System section of Event Viewer:

 

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1021
Date:        6/22/2009
Time:        11:16:26 PM
User:        N/A
Computer:    <ComputerName>
Description:
The identity of application pool, 'MyAppPool' is invalid.  If it remains invalid when the first request for the application pool is processed, the application pool will be disabled.  The data field contains the error number.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 69 05 07 80               i..

 

And when the Web Application which was using this App Pool was accessed, the App Pool stopped, logging these warnings/errors in Event Viewer:

 

Event Type:    Warning
Event Source:    W3SVC
Event Category:    None
Event ID:    1057
Date:        6/22/2009
Time:        11:16:39 PM
User:        N/A
Computer:    <ComputerName>
Description:
The identity of application pool 'MyAppPool' is invalid, so the World Wide Web Publishing Service can not create a worker process to serve the application pool.  Therefore, the application pool has been disabled.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

 

Event Type:    Error
Event Source:    W3SVC
Event Category:    None
Event ID:    1059
Date:        6/22/2009
Time:        11:16:39 PM
User:        N/A
Computer:    <ComputerName>
Description:
A failure was encountered while launching the process serving application pool 'MyAppPool'. The application pool has been disabled.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

So, hereโ€™s what you need to do if you are switching the identity of IIS App Pool to run under a Domain Account, Unless you love seeing the errors above ๐Ÿ™‚

 

1. Add the Domain Account to the IIS_WPG group on the Machine running IIS.
(This group is the worker Process group which contains the Accounts, allowed to run the IIS worker process.)

2. Goto Start> Run and type secpol.msc . Hit OK. The Local Security Settings console will open up. Under Security Settings, expand Local Policies and Click User Rights Assignment. Double click Log on as a service in the right pane. Add the domain account if not already listed. Click OK and exit the console.
(It enabled the Domain account to register a process as a service.)

You are all set to run your web application now ๐Ÿ™‚

Comments (10)
  1. Maor says:

    after doing what's written here i can't start the service and got error:

    Error 5: access is denied

  2. Hi Maor,

    Can you list the version of IIS and OS you are using. Also, can you check the Event Viewer for detailed log?

    Thanks,

    Sidharth

  3. Workshop2 says:

    Many thanks ๐Ÿ™‚

  4. John says:

    Also need to add user to IIS_WPG group

  5. Manish says:

    Thanks for the to the point resolution!

  6. robert says:

    thanks a lot!!  great help!!

  7. Trent says:

    I have the same issue, and the solution above didn't solve it for me.

    I have the account in IIS_WPG, I have ran the aspnet_regiis -ga Domain/User command, I have verified the password is correct, I verified that the permissions on the folder are correct. I have verified the local policies are correct.

    Nothing has solved our problems…

  8. Chris says:

    Worked like a charm.  Thanks!

  9. Glad that it helped you

  10. jignesh says:

    After doing these steps ,I got error service unavailable. Anyone help?

Comments are closed.

Skip to main content