ASP.Net error: "The identity of application pool is invalid"

Question

My ASP.Net web service cannot run because the application pool is unable to start due to the identity crisis it's experiencing.

The user I'm using in the app pool is a domain user, it's a local admin, it's in IIS_WPG, I've given it "act as part of the OS permissions" - nothing. Nada. Fails to start the application pool each time.

Adding the user to IIS_WPG is usually what's missing, but I guess there's something else.

Things I've tried:

• Adding user to IIS_WPG
• Adding user to local admin group and adding the "Act as part of the os" right.
• aspnet_regiis -ga
• rebooting...
• Checked password
• Recreated the app pool and assigning only my application to it

p.s. If I use the Network Service user it all works - it's just my "custom" user that's failing. Logging in (interactively) with this user works.

Edit:

The solution is as described in the accepted answer (adding the "Log on as Service" right to the application pool's identity user).

I'll just add, for future reference, for those encountering the following message when trying to add the "Log on as a service" right to a domain user:

"This setting is not compatible with computers running Windows 2000 Service Pack 1 or earlier...."

Know that this has nothing to do with Windows 2000 and it's just the domain's group policy that's preventing you from assigning this right to the user.

Answer 1

I had this same issue and fought with it for quite a while. After attempting many different solutions, I uninstalled and reinstalled IIS. After rebooting the server, everything was fixed.

Answer 2

After trying all of the above and nothing worked, I noticed the event data in the event log error was 80070700. googling for this error yielded "An attempt was made to logon, but the network logon service was not started."

I found the NetLogon service wasn't started, started it and bingo - it sprung into life. hope this helps someone else one day

Answer 3

Posting a simple answer for completeness because I was getting the same error but what fixed it for me was to include the domain with the username when setting the identity. The user was a valid domain user and a user for the server and I added it to the IIS_ group manually but no dice until I tried adding the domain as a prefix, e.g. "us\svc-myAccount".

Answer 4

In my case the problem was that I was trying to use a domain account while the domain controller had an issue with my machine. I had just created a new VM with a newer version of Windows (Windows 10) and had asked the domain administrator to add it to the domain, but I kept the same hostname as on my other machine.

Also, in the Event Viewer I found error messages concerning the domain controller and such, that gave me a clue.

I had to remove the machine from the domain and add it again, and the problem was solved.

Answer 5

Another minor thing worth mentioning might be that, if it is a new user account created by an administrator, a default policy might apply like 'change your password at first logon'. If that is the case and that logon has not yet happened, this will also effectively block the user account from running your service.

This does not apply to the OP's case since he mentions he can login interactively using the account, but I ran into this today and somebody else might too.

Answer 6

After following all of the other suggestions:

1. Check "Log on as a service" and "Log on as a batch job" permissions
2. Check folder permissions, c:\Windows\system32\inetsrv, etc.
3. In Metabase Explorer check permissions for IIS_WPG group

Remember to restart the IIS admin service!

Answer 7

Another way this can happen is if you have CGI scripts. By default, CGI scripts run as the Windows user accessing the web site. In order to run your CGI scripts under a specific account, account you need an extra step:

IIS 7+

Go to the CGI section in your web site's config in inetmgr.exe. Set impersonation to false.

IIS 6

Run these commands as an administrator:

cd \inetpub\adminscripts
cscript.exe Adsutil.vbs SET W3Svc/CreateProcessAsUser false

Next step: get your IT department to upgrade all of your WS2003 machines...

Answer 8

Make sure the user account trying to access the app pool is a member of the IIS_USRS group in AD.

Answer 9

The app pool user account might be locked out.

Answer 10

Do you have a group policy somewehere that is pulling the account out of the iis_wpg group? We have this (or a similar) problem frequently when, for whatever reason, a worker process or a service needs to run under a custom account.

Answer 11

Make sure there's a folder called c:\inetpub\temp\apppools. If not, create it.

Answer 12

Have you enabled "Log on as a service" for the account?

Start -> Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Log on as a service

(make sure your account is in this list directly or indirectly; it has also been suggested that you should set: Access this computer from the network; Deny logon locally; Log on as a batch job)

Also - ensure that the account has "Read & Execute", "List Folder Contents" and "Read" access to the file system that underpins the web site/application.

Answer 13

Having had this issue before and not being able to track the reason I sympathise! Some pointers that might help:

• Check the password is correct (sorry has to be said)
• Use a new app pool in which no other website is running
• Ensure that you have run aspnet_regiis -ga to set up the required permissions

If all else fails: - Stop the app and delete the app pool - Delete the user - Re-create the user - Run aspnet_regiis -ga - Set up a new app pool running under this user - Run the site under this pool That along with copying and pasting the complex password I was using worked for me!

Answer 14

Try running the following command in the C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 folder:

aspnet_regiis -ga <your_app_pool_user>

For more info on configuring a user account to use as an application pool identity see the following article:

How To: Create a Service Account for an ASP.NET 2.0 Application (MSDN)

Answer 15

I know this is simple, but have you checked the password is correct?

Answer 16

What's happening is you are likely running your application inside a pool that is running applications using a different version of the .NET framework. Make sure that all your applications inside that pool are running the same version. If those apps must run under a different version than this one, create a new pool and add your app to it.