Keyset does not exist / Identity invalid - iis

Note: I've found several similar questions on here, but the ones that were resolved did not work for me. So I thought I'd open a new question.
I rebooted our server 2012 box, which hosts our new .net applications. After doing so, I started receiving a 503 error. Upon investigation, it seemed like an identity problem.
Before going much further, I should state that this account has worked for several months now. I've rebooted before, and everything started fine.
So I'm getting the (quite common) 5059, 5057, and 5021 errors in the log. They boil down to this:
The identity of application pool SVFileUpload is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
I thought I would just ensure the password and account were correct, so I go to the application pool, select identity-> custom and ensure it's set up right. I get an error:
There was an error while performing this operation. Details: Keyset does not exist (Exception from HRESULT: 0x80090016)
This was strange to me, so I tried setting the app pool to a built in account, and it worked fine. I get this error anytime I try to set to a custom account. Also, no app pools that are using custom accounts will run.
I googled a bit, unsure which error was the one I needed to track. I have tried:
registering the account on the command line via the aspnet_ tool
Making sure the user was in the IIS_IUSRS group
changing the permissions on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys file(s)
adding a completely new user and trying to set an app pool to that users account
There were a couple of other random things I tried from googling but I don't remember.
This error doesn't make sense to me, and it seems random. I need help figuring out 1) why I can't set an app pool to a custom account and 2) why the identity isn't working for my applications anymore
-Edit
I recently removed and re-added the user account I've been working with. I think that solves that problem. The problem remaining is I can't update the application pool because of the "keyset does not exist" error.

I found a couple of links that led me to a solution.
In c:\windows\system32\inetsrv\config\applicationHost.config I removed all the configProtectedData entries.
Then I removed everything in %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
I ran iissetup.exe /install SharedLibraries from the inetsrv directory, which resulted in a "Failed = 0x80070005"
I then was able to set up my application pools as if nothing happened.
See also https://techcommunity.microsoft.com/t5/IIS-Support-Blog/Keyset-does-not-exist-exception-from-HRESULT-0x8009000D-or-or/ba-p/342955 for a more detailed explanation
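A read-only inventory to run before the deletions described in this answer, added here as an example and not part of the original post: it lists the key containers named under configProtectedData and the owner and ACL of every file in MachineKeys, a folder that also stores other machine-level RSA private keys. The variable names are illustrative; the two paths are the ones given above.

```powershell
# Added example: read-only inventory. Run in an elevated PowerShell session on the IIS server itself.
$configPath = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
$keyDir     = Join-Path $env:ALLUSERSPROFILE 'Microsoft\Crypto\RSA\MachineKeys'

# 1. Is this session elevated? One answer on this page traced the error to a non-administrator session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as {0}, elevated: {1}" -f $identity.Name, $elevated

# 2. Which key containers does configProtectedData reference?
#    Only names are selected; the sessionKey attribute is deliberately not printed.
[xml]$config = Get-Content -LiteralPath $configPath -Raw
$providers = $config.configuration.configProtectedData.providers.add
if (-not $providers) {
    'No configProtectedData providers found in applicationHost.config'
} else {
    $providers | Select-Object name, keyContainerName, useMachineContainer | Format-Table -AutoSize
}

# 3. What is in MachineKeys, who owns each file, and who may access it?
Get-ChildItem -LiteralPath $keyDir -File -Force | ForEach-Object {
    $file = $_
    try {
        $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
        $access = $acl.Access | ForEach-Object {
            '{0}={1}' -f $_.IdentityReference, $_.FileSystemRights
        }
        [pscustomobject]@{
            File      = $file.Name
            LastWrite = $file.LastWriteTime
            Owner     = $acl.Owner
            Access    = $access -join '; '
        }
    } catch {
        # An unreadable ACL is itself a finding worth recording.
        [pscustomobject]@{
            File      = $file.Name
            LastWrite = $file.LastWriteTime
            Owner     = '<unreadable>'
            Access    = $_.Exception.Message
        }
    }
} | Format-List
```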

I ran the iisreset command and my problem was solved

I had the same error message because my user was not a member of the "Local Administrators" group.
I was able to connect to the server because I was a member of the "Remote Desktop Users" group.
I was able to open IIS Management and to change settings, but when I clicked on the "OK" or "Save" button - I got the "Keyset does not exist" - error message.
So my advice - check if you are an administrator.

I tried to change the Identity of Application Pool on a remote server and it failed with the above error.
I RDP into the remote machine and then tried to update the Identity using local IIS Manager and it worked.

For anyone on Windows server 2008 stumbling into this error:
this may occur when you are managing the IIS instance from another server using the remote management feature ('connect to another computer').
I resolved by managing the IIS instance from the server itself.
https://support.microsoft.com/en-hk/help/977754/-keyset-does-not-exist-error-message-when-you-try-to-change-the-identi

Since I am working on a fresh server I was able to uninstall the IIS Windows Feature and then re-add it.
I was able to change the App Pool Identity after that with no issues.

delete the rsa found here C:\Users\usernamn\AppData\Roaming\Microsoft\Crypto\RSA
MAKE A BACKUP JUST TO BE SURE. WORKED FOR ME.

Related

IIS on windows 10 application pool keeps stopping

I am having an issue with IIS resulting in the app pool stopping, so I am getting a 503 error
Event Viewer reports
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - Access is denied.
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
I believe this may be because I followed instructions I found on google to clear down files from AppData amongst other places, last week when C: became full (bad move). Sadly, there is no backup to reinstate the lost files. I expect I have removed an account or permissions somehow.
I have tried setting Load User Profile to False and also setting Identity to LocalSystem but not allowed these settings in the app pool
I was hoping to reinstall IIS but cannot find a solution for that. Does anyone please have advice?

Error-Not enough storage is available to process this command When changing App Pool Process Identity

Running IIS 7.5 on Win2008. Trying to change the App Pool Identity to Administrator user. When I click OK on the dialog, I get this error: "Not enough storage is available to process this command. (Exception from HRESULT: 0x80070008)"
I have tried IISReset and also restarting the server, but the issue was not fixed.
Below is the error from Event Viewer
An update conflict has occurred, and you must re-try this action. The object SearchDataAccessServiceInstance was updated by EDC2010-TEST\SPDatabaseConfig, in the OWSTIMER (1172) process, on machine EDC2010-TEST. View the tracing log for more information about the conflict.
Try to re-install IIS by using the server manager. According to Microsoft, this is a machine key corruption issue, which is used to encrypt and decrypt application pool identity credentials.
https://forums.iis.net/t/1180041.aspx
This is a Microsoft system-level problem, namely running out of interrupt request stack space, which can be fixed by making a registry change to allocate a larger IRPStackSize. It is discussed in the below link.
https://support.microsoft.com/en-us/help/106167/error-message-not-enough-server-storage-is-available-to-process-this-c
https://appuals.com/fix-not-enough-storage-available-process-command/
Feel free to let me know if there is anything I can help with.
This has solved the problem for me.
So I had a similar error and I could not find a resolution in any forums.
I'm using the "WMI Provider Host" to edit bindings in IIS using VBScript.
Anyways after trying a few suggestions such as netsh http delete sslcert ipport=0.0.0.0:443 Here and editing the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters > IRPStackSize Here.
I noticed when running my application the "WMI Provider Host" was getting to ±512MB in the ram and found that C:\Windows\System32\inetsrv\config\applicationHost.config was well over that size.
That's when I found this link to increase the memory allocation to the service.
Hopefully it helps.

IIS Shared config - applicationHost.config Error: Cannot write configuration file due to insufficient permissions

I've set up a UNC share for IIS shared config using a specific AD service account and set to FULL CONTROL. I've also exported the config from one IIS server and set up an additional IIS server to point to the share. When I open the applicationhost.config for example on the UNC share and remove an application pool, I can see the entry also removed in both IIS servers.
So I know:
1) I can export to the share with the specific service account
2) Both IIS servers can read the config when I edit manually
3) However when I remove an app pool from one of the IIS servers through the manager I get the above error.
I've tried using the process monitor utility to see what account is being used to write to the config and it seems it is my own AD user account rather than the shared service account. I know IIS Manager has my username e.g. ROOT\MYNAME logged on, but I wouldn't have thought it would use this to write changes to the shared config. Surely it would use the service account?
Does anyone know how to prevent this error? Why does the shared config and tied service account not come into play when making changes on one of the servers?
So, IMHO, this error is a red herring. I was publishing to a server and got a message saying I was out of space. So, I logged in, realized there was a bit of cruft in extra apps published in IIS, we didn't need. I right clicked and tried to remove one. I got the same error as you.
Having done some manual changes to applicationHost, I thought it "might be me" but it seemed very odd that editing this file would cause such a thing. However, I had recently learned that windows does some funky 32 vs 64bit machinations with this file (google it).
Deciding I had better things to do, I asked our IT to add space to the VM and guess what? I am now able to remove these apps. My guess is that I was at the end of the line on space and the backend management of these special files was not completing and throwing this not-so-helpful exception.
I'm not a 100% about this. For full disclosure, I will add that updates had been applied recently, but I'm pretty confident that this is a possible solution.

IIS 6 & Web Deploy 3.5 - ERROR_USER_NOT_ADMIN

I've been trying to use Web Deploy 3.5 to deploy an application to an IIS 6 web server without any luck.
I am connecting using a domain service account that is an administrator of the remote server, but when I attempt to deploy (or validate the connection in VS2012) I receive a "ERROR_USER_NOT_ADMIN" error instead.
I read that Web Deploy 2.0 had a bug in it where a domain user account could not be used, but surely that's fixed by now? Right?
Has anyone had any luck with IIS 6.0, Web Deploy 3.5 and domain user accounts?
Anyone else trying this (with the right password ;-) , there is an issue using non domain accounts that gives this message, and the link in the error wasn't much use for me....
There is a regedit (yes, I know it's dirty, but this was a dev machine), which gets this working.... I'd tried everything from the MS link with adding users to additional groups etc, but still didn't work, the solution below did though.
Take a look at http://networkprogramming.wordpress.com/2010/10/29/401-not-authorized-for-msdeploy%E2%80%8F-msdeployagentservice/
Well this is embarrassing. It looks like that error message is also returned if the password is incorrect.
Oh well, you live and learn!
Another possibility: The user's password has expired.
Either
go into the "local users" within computer management and make sure Password never expires is checked, OR
run this command for that user: WMIC USERACCOUNT WHERE "Name='YOUR-USERNAME-HERE'" SET PasswordExpires=FALSE

IIS ApplicationPoolIdentity 503 error

I've recently ported to a different hosting company (VDS), and on the new server, installed IIS 7.5 Express, latest versions of PHP and MySQL.
I then copied the files from the old server to new server (NOTHING beyond the content of the folders of my websites, so no config files or anything except the web.configs in the sites themselves), set-up websites. I've tried to visit a website, and I got a 503 Service Unavailable message, tried both remotely and locally at the server, no change.
Tried on every site, even on Default Web Site, and no change: still 503.
I've checked the permissions to the folders of the websites (and all the children), and both my account, Network Service, Administrators have effectively full control of all the contents.
All the apps run in DefaultAppPool, which runs under ApplicationPoolIdentity. Tried creating a new app pool, moving sites there, no luck, tried setting "Load User Profile" to False in pool settings (read it here HTTP Error 503 on IIS 7.5 after SP Install), no change.
The event viewer in an extremely detailed way says:
"A process serving application pool 'DefaultAppPool' terminated unexpectedly. The process id was '2356'. The process exit code was '0xfffffffe'."
and nothing else. Five times of this error, and the pool is shut down due to rapid protection. I restart the pool, try again, nothing changes. No matter I'm trying to get an .aspx, .php, or static content. Here is the most weird part: when I set the app pool to run under LocalSystem, it works. No problem. But everything else fails.
I've checked the website folders about ten times, changed, erased, re-added rights etc tried everything but no change. It's as if there is another file that I'm forgetting to check that the pool's user is unable to access. But the event viewer does not help me. This started with the new server and I tried after installing everything, so I can't tell after what this started happening. I obviously won't be running under LocalSystem. Even my own user, Administrator, doesn't work.
The only identity that works is LocalSystem. My user, LocalService, NetworkService, ApplicationPoolIdentity all fail the same way. I'm going crazy, I'm 99% sure this is a user-rights issue. But all the website files are accessible, and I haven't changed anything in the system32 inetconfig or anywhere.
Ok, found my own answer again.
The process w3wp.exe runs under the DefaultAppPool user, not NETWORK SERVICE. I don't know why it doesn't run under NETWORK SERVICE, but after some research it turned out that the process needed access to C:\Windows\System32\inetsrv\config\schema and giving NETWORK SERVICE access didn't change anything. I've by coincidence found somewhere about the DefaultAppPool user, gave read permissions, and by starting the pool, all my websites started working perfectly. Quite weird, I always thought that the IIS processes ran under NETWORK SERVICE by default, and I'm sure that I haven't changed any setting.
Try running below commands with some changes
appcmd set apppool /apppool.name:<YourAppPoolHavingIssuesHere> /managedRuntimeVersion:v<.net Framework version here>
