Service Unavailable with Custom App Pool"s custom account.

I have successfully used a domain account to serve as the identity for a
"Windows Authentication Only" ASP.Net web application on one Windows 2003
server, but cannot get it to work on another Windows 2003 server. The error
on the second server is "Service Unavailable".

If I switch the custom pool to use the default Network Service authority and
grant that authority access to the web site root folder via ACLs, everything
works. If I switch it to use the custom account, any attempt to access the
web site - even a static HTML page - produces "Service Unavailable". The
custom account is not locked, the password in the custom pool is correct, the
aspnet_regiis /ag command was used to grant access to the metabase and the
ACLs on the web site's root folder was set for read-only rights. The
application uses the custom pool and has rights to read, run scripts and run
executables. W3SVC raises events 1057 (warning), 1059 (error) and 1021
(warning) and the custom pool is stopped.

I have gone through the security policies on both machines using a comparer,
and there are no additional restrictions on the server that the error occurs
on. I restart the pool and web site prior to each test.

I have looked on Google and MSDN KB and Premier support KB and cannot find
anything that fixes the problem.

I am stuck. How can I diagnose this problem?

Re: Service Unavailable with Custom App Pool"s custom account.

Is this custom account inside the IIS_WPG group.

The custom identity doesn't really come into play unless you are running
code that uses Process Identity, such as ASP.Net by default (though it is
configurable to impersonate another identity).

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"SpamAndEggs" wrote in message
news:16AB8BD2-450E-41D8-A9BA-2A48198F8E60@microsoft.com...
>I have successfully used a domain account to serve as the identity for a
> "Windows Authentication Only" ASP.Net web application on one Windows 2003
> server, but cannot get it to work on another Windows 2003 server. The
> error
> on the second server is "Service Unavailable".
>
> If I switch the custom pool to use the default Network Service authority
> and
> grant that authority access to the web site root folder via ACLs,
> everything
> works. If I switch it to use the custom account, any attempt to access
> the
> web site - even a static HTML page - produces "Service Unavailable". The
> custom account is not locked, the password in the custom pool is correct,
> the
> aspnet_regiis /ag command was used to grant access to the metabase and the
> ACLs on the web site's root folder was set for read-only rights. The
> application uses the custom pool and has rights to read, run scripts and
> run
> executables. W3SVC raises events 1057 (warning), 1059 (error) and 1021
> (warning) and the custom pool is stopped.
>
> I have gone through the security policies on both machines using a
> comparer,
> and there are no additional restrictions on the server that the error
> occurs
> on. I restart the pool and web site prior to each test.
>
> I have looked on Google and MSDN KB and Premier support KB and cannot find
> anything that fixes the problem.
>
> I am stuck. How can I diagnose this problem?
>