Hi, We have developed a BizTalk application and we have published as web service, but when we are trying to consume the application we are getting the an error and its logged in event log.

While deploying we have allowed Anonymous user access for the web services as well.

Following are the errror details - "Login failed for user 'IIS APPPOOL\ASP.NET v4.0 Classic'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <local machine>]"

I tried to change it other App pool as well. It seems an issue with permissions related to BizTalk user's/Group,

Please suggest which app pool should we select or should we give permissions to App Pools.

You need to create an Application Pool that is running under the "Isolated Host" Host Instance Account. Then you need to assign your application to run under this pool.

Refer https://msdn.microsoft.com/en-us/library/aa577661.aspx for Group and Account permissions and note

Also refer to https://msdn.microsoft.com/en-us/library/gg634599%28v=bts.70%29.aspx which talks about the planning required for publishing as web service. The role and config required for the app pool account is mentioned there

Regards.

The User of App Pool should be part of "BizTalk Isolated Host Users Group".

In your case user is "IIS APPPOOL\ASP.NET v4.0 Classic", so either you add this user to BizTalk Isolated Host Users Group or create a new App Pool with new user. I would suggest to go for new user specific to BizTalk.

This permission is required because IIS(App Pool(w3wp.exe)) will be publishing new messages to BizTalk Databases. So they should have required permissions to do that and in BizTalk we have a default group for the same, as suggested by Shankycheil.

You need to create an Application Pool that is running under the "Isolated Host" Host Instance Account. Then you need to assign your application to run under this pool.

Refer https://msdn.microsoft.com/en-us/library/aa577661.aspx for Group and Account permissions and note

Also refer to https://msdn.microsoft.com/en-us/library/gg634599%28v=bts.70%29.aspx which talks about the planning required for publishing as web service. The role and config required for the app pool account is mentioned there

Regards.

• Marked as answer by Angie xuMicrosoft contingent staff, Moderator 5 hours 0 minutes ago

You need to create an Application Pool that is running under the "Isolated Host" Host Instance Account. Then you need to assign your application to run under this pool.

Refer https://msdn.microsoft.com/en-us/library/aa577661.aspx for Group and Account permissions and note

Also refer to https://msdn.microsoft.com/en-us/library/gg634599%28v=bts.70%29.aspx which talks about the planning required for publishing as web service. The role and config required for the app pool account is mentioned there

Regards.

• Marked as answer by Angie xuMicrosoft contingent staff, Moderator Wednesday, April 08, 2015 2:03 AM

You need to create an Application Pool that is running under the "Isolated Host" Host Instance Account. Then you need to assign your application to run under this pool.

Refer https://msdn.microsoft.com/en-us/library/aa577661.aspx for Group and Account permissions and note

Also refer to https://msdn.microsoft.com/en-us/library/gg634599%28v=bts.70%29.aspx which talks about the planning required for publishing as web service. The role and config required for the app pool account is mentioned there

Regards.

• Marked as answer by Angie xuMicrosoft contingent staff, Moderator Wednesday, April 08, 2015 2:03 AM