16

When I start the application pool, and request a page in an application in that pool, I get a "HTTP Error 503. The service is unavailable."

If I look at the application pools in IIS, I can see that it has now stopped. Going to the event viewer I find this error message:

'The identity of application pool Badge.Web is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.'

I'm very sure the credentials I'm using is correct. Something else is causing the app pool to stop.

Ram
  • 661
  • 2
  • 12
  • 37
  • can you replicate this on a another machine? – rob Apr 04 '13 at 14:30
  • #Ram: Did you find the answer to your question. If yes can you please share it here as i am also facing same issue and the credentials i have provided for application pool user is correct. – vinay Jul 25 '14 at 05:56
  • 1
    You might find this question helpful: http://stackoverflow.com/questions/863537/asp-net-error-the-identity-of-application-pool-is-invalid – epotter Sep 15 '16 at 18:54

5 Answers5

20

I had a similar problem today when an application pool that used Windows user identity X stopped working after a password change for that user.

Apparently, some information linked to the old credentials was stored in the system, and I solved the problem by:

  • switching the app pool identity to NetworkService
  • switching it back to X using the new password

So far it's working fine.

GreenhouseVeg
  • 617
  • 5
  • 13
  • Thank you! You terminated 48 hours of sheer pain. – Peter Alfvin Jul 15 '14 at 23:46
  • This worked for me as well. In addition, I had to play with the site authentication settings to get it to deliver the service name to external services rather than sending anonymous authentication. Specifically, i had to enable Anonymous Authentication and disable Window Authentication and then swap them back to disabled Anonymous enabled Windows for it to work correctly. – Bill Stidham Apr 29 '16 at 17:54
9

I found an article saying

The fix is to ensure that the Service/AppPool accounts have the ‘Log on as a batch job’ and ‘Log on as a service’ user rights on the server. This right can be found in Local Security Policy > Computer Configuration > Windows Settings > Local Policies > User Rights Assignment. Either remove the conflicting Group Policy and fix the Local Policy or add the rights to the Group Policy.

http://waveformation.com/2009/06/08/event-5021-the-identity-of-application-pool-lsgroupexpapppool-is-invalid/

Waqar Ullah Khan
  • 131
  • 1
  • 3
  • I was unable change the policy because the infrastructure group controls that. However, I notice the administrator group had these rights. By adding my app pool custom account to the admin group I fixed the problem immediately. – Tom McDonald Jan 22 '18 at 22:14
  • Using the administrator group instead of fixing the group policy subverts the security benefit that the IT department wanted to achieve. – Oskar Berggren Nov 18 '21 at 21:50
4

While there may be several reasons why this may occur, in this specific case, the 503 error was occurring because the Application pool failed to start. This was because the password was changed recently for the Identity under which the application pool was trying to run. Fix was to go to the IIS Manager-> Application Pool -> Advanced Settings -> Process Model -> Identity and set the password to the new one.

It would also help to check the Event Viewer Logs(Event Viewer (Local) -> Windows Logs -> Application to look for specific causes of failure before proceeding to troubleshoot any further.

VamsiR
  • 41
  • 1
0

My problem was solved by changing Application Pool Identity to NetworkService, going to Advanced Settings > Process Model > Identity > NetworkService with the desired Application Pool selected.

Erick Petrucelli
  • 14,386
  • 8
  • 64
  • 84
user5263663
  • 9
  • 1
-1

I had the same issue and my solution was: Manager -> Application Pool -> "Select the pool" -> Advanced Settings -> Process Model -> Identity -> NetworkService

Tonigno
  • 94
  • 9