ApplicationPoolIdentity in IIS7 401 errors
Solution 1
Maybe you are just missing a small step. When you granted the account read access, did you check that it replaced settings in all subdirectories. Also it may require an IIS reset after changing the access rights.
Solution 2
2008 R2 IIS 7.5
Just as an FYI. After rebuilding servers and spending endless hours troubleshooting a 401.3 error after changing the AppPool identity to a domain account, we came to find out that a GPO was killing IIS. Make sure you test with a server in the "Computer" container and that no GPO's are changing restricted groups outside of Administrators.
In our case, NT Authority\Authenticated Users was removed from the local USERS group and it broke IIS complete.
Simon Martin
Developer specialising in the Angle Brackets stuff (ASP.NET, Azure, and Web Tools).
Updated on June 04, 2022Comments
-
Simon Martin almost 2 years
We have just started to use Windows Server 2008 R2 and IIS7.5 and I'm trying to move some existing sites across from our Windows 2003 box. I can get the sites running ok but am getting 401 errors for all the CSS / Images in the sites. Granting Everyone read access will solve this - but I'm not very happy doing this.
I've read that IIS7.5 makes use of a magical new 'account' and each Application Pool has its own account.
So far I have
- Created a new folder in wwwroot for my website (kbank)
- Copied the files in from another machine
- In IIS7 created a new website (not virtual directory), this created a new Application Pool with the same name as my website. This is an Integrated Pipeline pool
- In Process Model / Identity this is using ApplicationPoolIdentity and Load User Profile is set to True
- Granted IIS AppPool\kbank read access to the root of the folder
Can anyone tell me how best to set up my websites.
-
Simon Martin over 14 yearsHi Shiraz, Always worth checking these things, but no the permissions were updated on all subdirectories and a restart didn't make any difference. Simon
-
Simon Martin over 14 yearsHi Vivek I'm a bit lost - I've removed the everyone account and yet I'm now not getting 401 errors. I don't know whether there was a delay in the permissions being applied (though a restart should have dealt with that). Pleased that is resolved though!
-
hoffmanc almost 12 yearsWhy then was the answer accepted, pray tell?
-
Simon Martin almost 12 years@hoffmanc resetting IIS didn't do the trick, but rebooting the server did. Quite a drastic step, not one I'm proud of, but that old IT adage of "Turn it off and on again" seems to have been the answer. Surely it shouldn't have been the case, but meh!