HELP! Changed Application Pool Identity Service Unavailable

Discussion in 'ASP .Net' started by Joseph Geretz, Sep 11, 2008.

  1. I created a new Application Pool for my ASP.NET application since I want it
    to run under a specific user identity with privileges to access the
    application database. (I don't want to grant access to the entire Network
    Service account.) I know the application pool is fundamentally sound because
    it runs my application when its identity is set to the default Network
    Service account. When I change its identity to the desired local user
    account, I get Service Unavailable back to the browser on any ASPX page hit.

    I guess the user account is lacking some required privilege? I've been up
    and down through Local Users and Groups and through Local Security Policy
    and I can't find anything which will enable this user account to serve as
    the identity for the application pool. Can you help?

    Thanks for any help which you can provide!

    Joseph Geretz
    Joseph Geretz, Sep 11, 2008
    #1
    1. Advertising

  2. Joseph Geretz

    Tim_Mac Guest

    hi, could it be that you are using the same application pool with
    different versions of asp.net? e.g. 1.1 and 2.0?
    this error happens in this scenario.
    tim

    On Sep 11, 5:12 pm, "Joseph Geretz" <> wrote:
    > I created a new Application Pool for my ASP.NET application since I want it
    > to run under a specific user identity with privileges to access the
    > application database. (I don't want to grant access to the entire Network
    > Service account.) I know the application pool is fundamentally sound because
    > it runs my application when its identity is set to the default Network
    > Service account. When I change its identity to the desired local user
    > account, I get Service Unavailable back to the browser on any ASPX page hit.
    >
    > I guess the user account is lacking some required privilege? I've been up
    > and down through Local Users and Groups and through Local Security Policy
    > and I can't find anything which will enable this user account to serve as
    > the identity for the application pool. Can you help?
    >
    > Thanks for any help which you can provide!
    >
    > Joseph Geretz
    Tim_Mac, Sep 24, 2008
    #2
    1. Advertising

  3. Joseph Geretz

    Norm Guest

    On Sep 11, 9:12 am, "Joseph Geretz" <> wrote:
    > I created a new Application Pool for my ASP.NET application since I want it
    > to run under a specific user identity with privileges to access the
    > application database. (I don't want to grant access to the entire Network
    > Service account.) I know the application pool is fundamentally sound because
    > it runs my application when its identity is set to the default Network
    > Service account. When I change its identity to the desired local user
    > account, I get Service Unavailable back to the browser on any ASPX page hit.
    >
    > I guess the user account is lacking some required privilege? I've been up
    > and down through Local Users and Groups and through Local Security Policy
    > and I can't find anything which will enable this user account to serve as
    > the identity for the application pool. Can you help?
    >
    > Thanks for any help which you can provide!
    >
    > Joseph Geretz


    I am 90% sure that you must allow the user to "Log on as a service".

    Start -> Administrative Tools -> Local Security Policy
    Security Settings -> Local Policies -> User Rights Assignment -> Log
    On As A Service
    Add your user to this list.

    Hopefully this works!

    Norm
    Norm, Sep 25, 2008
    #3
  4. Joseph Geretz

    Joe Kaplan Guest

    I think ASP.NET actually requires "log on as a batch job". Normally, the
    best way to use a non-standard ID as an app pool identity under IIS 6 is to
    add it to the local IIS_WPG group as the ACLs and policies required to run a
    worker process are usually configured to include this group when IIS is
    installed.

    Joe K.
    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Norm" <> wrote in message
    news:...
    On Sep 11, 9:12 am, "Joseph Geretz" <> wrote:
    > I created a new Application Pool for my ASP.NET application since I want
    > it
    > to run under a specific user identity with privileges to access the
    > application database. (I don't want to grant access to the entire Network
    > Service account.) I know the application pool is fundamentally sound
    > because
    > it runs my application when its identity is set to the default Network
    > Service account. When I change its identity to the desired local user
    > account, I get Service Unavailable back to the browser on any ASPX page
    > hit.
    >
    > I guess the user account is lacking some required privilege? I've been up
    > and down through Local Users and Groups and through Local Security Policy
    > and I can't find anything which will enable this user account to serve as
    > the identity for the application pool. Can you help?
    >
    > Thanks for any help which you can provide!
    >
    > Joseph Geretz


    I am 90% sure that you must allow the user to "Log on as a service".

    Start -> Administrative Tools -> Local Security Policy
    Security Settings -> Local Policies -> User Rights Assignment -> Log
    On As A Service
    Add your user to this list.

    Hopefully this works!

    Norm
    Joe Kaplan, Sep 25, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Lozzi
    Replies:
    0
    Views:
    543
    David Lozzi
    Aug 30, 2007
  2. Kevin C
    Replies:
    2
    Views:
    209
    Hernan de Lahitte
    Nov 19, 2004
  3. SpamAndEggs

    Service Unavailable error for IIS application pool

    SpamAndEggs, May 10, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    216
    Luke Zhang [MSFT]
    May 10, 2006
  4. Popezilla
    Replies:
    2
    Views:
    922
    Popezilla
    Mar 18, 2007
  5. Joseph Geretz
    Replies:
    3
    Views:
    831
    Joe Kaplan
    Sep 25, 2008
Loading...

Share This Page