Friday, February 24, 2012

Application Pool Identity woes

I have a dozen web apps that we tried to assign an application pool identity to. They all fail when you first attempt to visit the page. When we set the identity to Network Service, everything works. I've verified the new custom identity is in all the right groups (IIS_IUSRS and IIS_WPG) and has full access to all the web page files.

Every time we get a 503 error and application pool stoppage.

The error in the application log seems to indicate an access denied issue. We ran procmon to see what the deal was and it was getting access denied to the c:\windows\system32\inetsrv\config\schema directory. We gave it full rights to that directory and it still fails... and it gives an access denied error afterwards.

The problem turned out to be "Bypass traverse checking". The account had to be set in that policy. Set the policy, restarted the server and BAM! it worked.
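A way to check the user right named above before changing anything, as an added example that is not part of the original post: it exports the user-rights section of the security policy with `secedit` and reports whether the account's SID holds `SeChangeNotifyPrivilege` (the internal name of "Bypass traverse checking"). The account name `CONTOSO\svc-apppool` is a hypothetical placeholder, and the script assumes an elevated prompt.

```powershell
# Added example: report whether an account is granted "Bypass traverse checking".
param([string]$Account = 'CONTOSO\svc-apppool')   # hypothetical account name

$right = 'SeChangeNotifyPrivilege'
$cfg   = Join-Path $env:TEMP ("user_rights_{0}.inf" -f $PID)

# Export only the user-rights assignments (needs an elevated prompt).
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
if (-not (Test-Path $cfg)) { throw 'secedit export failed; run elevated.' }

$match = Select-String -Path $cfg -Pattern "^$right\s*=\s*(.*)$" |
         Select-Object -First 1
Remove-Item $cfg -Force

# The value is a comma-separated list; SIDs carry a leading '*',
# a few principals can appear by name instead.
$entries = @()
if ($match) {
    $entries = $match.Matches[0].Groups[1].Value.Split(',') |
               ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Resolve-Sid([string]$Entry) {
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Entry)
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $null }   # unresolvable name: skip it
}

$granted    = @($entries | ForEach-Object { Resolve-Sid $_ } | Where-Object { $_ })
$accountSid = (New-Object System.Security.Principal.NTAccount($Account)).
              Translate([System.Security.Principal.SecurityIdentifier]).Value

# Broad well-known groups that would cover the account indirectly.
$broad = @{ 'S-1-1-0'      = 'Everyone'
            'S-1-5-11'     = 'Authenticated Users'
            'S-1-5-32-545' = 'BUILTIN\Users' }

[pscustomobject]@{
    Account          = $Account
    AccountSid       = $accountSid
    DirectGrant      = $granted -contains $accountSid
    BroadGroupGrants = ($granted | Where-Object { $broad.ContainsKey($_) } |
                        ForEach-Object { $broad[$_] }) -join ', '
    AllGranteeSids   = $granted -join ', '
}
```

If `DirectGrant` is false and `BroadGroupGrants` is empty, compare `AllGranteeSids` against the groups the account belongs to; membership in groups other than the three listed is not resolved by this script.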
