468,133 Members | 1,221 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,133 developers. It's quick & easy.

HELP! Changed Application Pool Identity Service Unavailable

I created a new Application Pool for my ASP.NET application since I want it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
Sep 11 '08 #1
3 4508
hi, could it be that you are using the same application pool with
different versions of asp.net? e.g. 1.1 and 2.0?
this error happens in this scenario.
tim

On Sep 11, 5:12 pm, "Joseph Geretz" <jger...@nospam.comwrote:
I created a new Application Pool for my ASP.NET application since I want it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
Sep 24 '08 #2
On Sep 11, 9:12*am, "Joseph Geretz" <jger...@nospam.comwrote:
I created a new Application Pool for my ASP.NET application since I want it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
I am 90% sure that you must allow the user to "Log on as a service".

Start -Administrative Tools -Local Security Policy
Security Settings -Local Policies -User Rights Assignment -Log
On As A Service
Add your user to this list.

Hopefully this works!

Norm
Sep 25 '08 #3
I think ASP.NET actually requires "log on as a batch job". Normally, the
best way to use a non-standard ID as an app pool identity under IIS 6 is to
add it to the local IIS_WPG group as the ACLs and policies required to run a
worker process are usually configured to include this group when IIS is
installed.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Norm" <ne*****@gmail.comwrote in message
news:ee**********************************@w39g2000 prb.googlegroups.com...
On Sep 11, 9:12 am, "Joseph Geretz" <jger...@nospam.comwrote:
I created a new Application Pool for my ASP.NET application since I want
it
to run under a specific user identity with privileges to access the
application database. (I don't want to grant access to the entire Network
Service account.) I know the application pool is fundamentally sound
because
it runs my application when its identity is set to the default Network
Service account. When I change its identity to the desired local user
account, I get Service Unavailable back to the browser on any ASPX page
hit.

I guess the user account is lacking some required privilege? I've been up
and down through Local Users and Groups and through Local Security Policy
and I can't find anything which will enable this user account to serve as
the identity for the application pool. Can you help?

Thanks for any help which you can provide!

Joseph Geretz
I am 90% sure that you must allow the user to "Log on as a service".

Start -Administrative Tools -Local Security Policy
Security Settings -Local Policies -User Rights Assignment -Log
On As A Service
Add your user to this list.

Hopefully this works!

Norm
Sep 25 '08 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

10 posts views Thread by Jacek Generowicz | last post: by
4 posts views Thread by Sarir Khamsi | last post: by
6 posts views Thread by wukexin | last post: by
6 posts views Thread by d.warnermurray | last post: by
3 posts views Thread by Colin J. Williams | last post: by
9 posts views Thread by JJ | last post: by
8 posts views Thread by Mark | last post: by
27 posts views Thread by didacticone | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.