I need to use a user account as a custom identity for my App Pool. That user account is created and configured by a bunch of scripts which also register that account as a custom identity in the app pool.
That gives the following situation:
- There is a user account that is part of the administrators group.
- The account is a local user.
- It has both the permissions to "Log on as a service" and "Batch Log on". These permissions are given specifically to the user account itself and due to the user account being in the "administrators" group.
In the "Identity" tab in IIS of the appPool the username "RunTimeUser" is shown. - I have an IIS Site that is linked with said appPool.
The observed error is as follows:
- Both the site and the appPool are started.
- I fire a request against the site.
- That results in "503: Service unavailable"
- The appPool is now stopped (Probably the cause of 3.)
- The event log shows and event with ID 5021, which specifically says that the appPool was stopped because of a request against the site while somethings is wrong with the app Pools Identity.
- This behavior cannot be reproduced by any of my co-workers.
If I change the appPools identity from the user account "RunTimeUser" to either ".\RunTimeUser" or "NameOfMyMaschine\RunTimeUser" the problem goes away and I do not get an error when firing a request against the site. This can be reproduced for every site/appPool including the "DefaultAppPool" that comes with IIS.
This behavior appears erratic to me considering I am the only person in my team observing it. I have compared my setup to that of my co-workers and could not find any differences that would explain the different results we observe.
Sadly simply changing the appPool Identity to one of the two options specified will cause the app to not work and is thus not a solution to my problem.
The relevant specs of my system are:
Windows 10 Pro x64 Version 1709 (all Updates installed)
IIS 10 Version 10.0.16299.15
Any help is greatly appreciated.
