4

I'm having a problem with an identity pool on a new IIS server.

Here's my Event viewer text:

Event Type: Warning Event Source: W3SVC Event Category: None Event ID: 1021 Date: 6/12/2009 Time: 1:44:50 PM User: N/A Computer: <scrubbed> Description: The identity of application pool, '<scrubbed>' is invalid. If it remains invalid when the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 69 05 07 80 i..?

Google suggests that it's something to do with the user of the app pool which I set in the "Identity" tab. The most common problems are:

  1. Setting the wrong password
  2. Not adding the user to the IIS_WPG group

I've tried and retried both of these (and restarted the IIS service), and nothing seems to be fixing it. What other things should I be looking for.

FWIW, the identity user is a domain (not local) user. This same setup is working fine on another (supposedly identical) server/setup.

Improve this question

4 Answers 4

Reset to default
6

Thanks to MattB, this Stack Overflow thread eventually led me to the right answer (for me).

I ran the following command (from C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727):

aspnet_regiis.exe -GA domain\username

...where domain\username was the domain-qualified username (in the standard Windows format) of the user I was using for the app pool's identity.

From the aspnet_regiis help, the -GA option does:

Grant the specified user or group access to the IIS metabase and other directories used by ASP.NET.

I don't know why this wasn't done automatically on this server (as I've never had to do this in the past).

Improve this answer
1

A shot in the dark, but perhaps the domain account you've configured for the App Pool's identity is locked?

Improve this answer
1
  • Nope, that wasn't it. Thanks though. Commented Jun 12, 2009 at 20:25
1

Try giving the account "Logon as a Service" rights as well. Here is a very similar question from stack overflow.

Improve this answer
1
  • It wasn't "Logon as Service", but the Stack Overflow question you linked to gave me the right answer. Thanks! Commented Jun 12, 2009 at 20:25
1

If you're using IIS6, with the Metabase Explorer (in the resource kit), you can do the following:

  • browse to /LM/W3SVC/AppPools/MyAppPool
  • enable "View/Secure data"
  • (if needed) enable "View/Inherited data"

Now, look at the WAMUserName and WAMUserPass. You can try running processes as that user:

runas /user:myuser cmd.exe

If that does not work, you should be closer to the answer.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.