E2k7SP1 on Srv2k8 - IIS DefaultAppPool keeps stopping
I do have Entourage2008 clients if this fits into the picture. Server is Hub/Mailbox/CAS Roles. Root web site dies constantly with the following in the event log: - System - Provider [ Name] Microsoft-Windows-IIS-W3SVC-WP [ Guid] {670080D9-742A-4187-8D16-41143D1290BD} [ EventSourceName] W3SVC-WP - EventID 2297 [ Qualifiers] 49152 Version 0 Level 2 Task 0 Opcode 0 Keywords 0x80000000000000 - TimeCreated [ SystemTime] 2008-11-15T10:52:17.000Z EventRecordID 61838 Correlation - Execution [ ProcessID] 0 [ ThreadID] 0 Channel Application Computer mail.domain.com Security - EventData ApplicationPool DefaultAppPool ConfigException Cannot read configuration file due to insufficient permissions FileName \\?\C:\inetpub\temp\apppools\DefaultAppPool.config LineNumber 0 05000000 DefaultAppPool runs with the Network Service identity, which I have manually given NTFS read permission to the Network Service for the DefaultAppPool.config file. When the pool is stopped, I find that the read permission is gone. Granting permission lasts a day sometimes, but eventually the pool stops again. I have gone so far as grant the same permission to the apppools folder and set objects within to inherit permissions. It still loses the Network Service permission on the DefaultAppPool.config file. This is driving me nuts. What could be stripping the permissions?
November 17th, 2008 2:54am

Hi, The Network Service account is a built-in account that has fewer access rights on the system, if you want to modify and to view NTFS permissions for files or folders, then please try to use Icacls.exe to grant permission and view the permission. Besides, you can try to specify an identity for an application pool which has more permission. Note: By default, the DefaultAppPool application pool runs under the Network Service account. This account is local to the computer, and this account does not exist on another computer. Therefore, make sure that you configure the DefaultAppPool application pool to use an account that is a domain user. Then, you can use the same account on the UNC file server. Alternatively, you can create a workgroup account on the UNC file server and on the computer that is running IIS 7.0. About Icacls, you can refer to the article below: Icacls http://technet.microsoft.com/en-us/library/cc753525.aspx Hope it helps. Xiu
Free Windows Admin Tool Kit Click here and download it now
November 20th, 2008 9:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics