|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Service Unavailable with Custom App Pool's custom account."Windows Authentication Only" ASP.Net web application on one Windows 2003 server, but cannot get it to work on another Windows 2003 server. The error on the second server is "Service Unavailable". If I switch the custom pool to use the default Network Service authority and grant that authority access to the web site root folder via ACLs, everything works. If I switch it to use the custom account, any attempt to access the web site - even a static HTML page - produces "Service Unavailable". The custom account is not locked, the password in the custom pool is correct, the aspnet_regiis /ag command was used to grant access to the metabase and the ACLs on the web site's root folder was set for read-only rights. The application uses the custom pool and has rights to read, run scripts and run executables. W3SVC raises events 1057 (warning), 1059 (error) and 1021 (warning) and the custom pool is stopped. I have gone through the security policies on both machines using a comparer, and there are no additional restrictions on the server that the error occurs on. I restart the pool and web site prior to each test. I have looked on Google and MSDN KB and Premier support KB and cannot find anything that fixes the problem. I am stuck. How can I diagnose this problem? Is this custom account inside the IIS_WPG group.
The custom identity doesn't really come into play unless you are running code that uses Process Identity, such as ASP.Net by default (though it is configurable to impersonate another identity). -- Show quoteHide quote//David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "SpamAndEggs" <SpamAndEggs@nospam.nospam> wrote in message news:16AB8BD2-450E-41D8-A9BA-2A48198F8E60@microsoft.com... >I have successfully used a domain account to serve as the identity for a > "Windows Authentication Only" ASP.Net web application on one Windows 2003 > server, but cannot get it to work on another Windows 2003 server. The > error > on the second server is "Service Unavailable". > > If I switch the custom pool to use the default Network Service authority > and > grant that authority access to the web site root folder via ACLs, > everything > works. If I switch it to use the custom account, any attempt to access > the > web site - even a static HTML page - produces "Service Unavailable". The > custom account is not locked, the password in the custom pool is correct, > the > aspnet_regiis /ag command was used to grant access to the metabase and the > ACLs on the web site's root folder was set for read-only rights. The > application uses the custom pool and has rights to read, run scripts and > run > executables. W3SVC raises events 1057 (warning), 1059 (error) and 1021 > (warning) and the custom pool is stopped. > > I have gone through the security policies on both machines using a > comparer, > and there are no additional restrictions on the server that the error > occurs > on. I restart the pool and web site prior to each test. > > I have looked on Google and MSDN KB and Premier support KB and cannot find > anything that fixes the problem. > > I am stuck. How can I diagnose this problem? > 
Other interesting topics
require client certificates SSL
Host a secure web application and OWA, use as many servers and resources as necessary. Remote access to webserver w/website modifications Windows Authentication with asp.net 2.0 Password protect web page SSL Certificates Multiple Host Headers and SSL shared folder for iis website? Calling COM+ component from IIS 6 Annonymous local account what if integrated windows aut. doenn't work? |
|||||||||||||||||||||||
