4

I am trying to set app pool credentials for a specific domain account for an ASP.net MVC project on IIS 7.5 on a Windows 7 enterprise server. I am using .Net version 4 and I believe this is set correctly throughout the IIS interface.

We have set up a user account in the form of domainName\username with a specific password, that I'll denote password0 (not its real name). When I enter the user name (domainName\username) and the specific password (password0) and confirm it, the Set Credentials dialog gives a message box saying "The specified password is invalid. Type a new password."

After much research on Stack Overflow and elsewhere, this almost always is not a password problem (note how well the particular error message was chosen, but I digress), and usually a configuration problem with the account and the settings of the machine.

One site recommended as a work around to use command prompt to enter the settings, which does work for the app pool -- for those interested, the format is:

appcmd set config /section:applicationPools "/[name='specificAppPoolName'].processModel.identityType:SpecificUser" "/[name='specificAppPoolName'].processModel.userName:domainName\username" "/[name='specificAppPoolName'].processModel.password:password0"

This works; however, for the next step, when I go to the IIS site using the app pool, and use IIS --> Site --> specific site --> Basic Settings

and try to use the "Connect as" button, neither the passthrough nor the specific user works. If I try to set the specific user, the old password problem re-appears (undoubtedly it is not a mis-typed password, thanks again to whoever sets these error messages).

Test settings gives things like "Login failure: unknown user name or bad password" with code 0x8007052E (authentication) and "The credentials used to access the specified physical path are invalid" (authorization).

NOTE: I have already run

aspnet_regiis -ga domainName\username 

several times.

I have also specifically added domainName\username to the published folder for the MVC app.

I realize there are related Stack Overflow posts but I haven't been able to get anything to work and I am reluctant to re-open old questions. This is a fairly important set-up to make MVC generally a workable solution in our shop.

I have added some of the things that I tried in the comments, however, while some of the things "work" in the sense of being valid operations, to date they have not fixed the over-all problem.

Does anyone know how to do this, a work-around, or perhaps even have a link to a step-by-step set up for this configuration scenario?

Thanks in advance!

JosephDoggie
  • If it helps to diagnose the problem, if I try to browse to the site, using an intranet connection on IE, I get the Service Unavailable error. This has the description: HTTP Error 503. The service is unavailable. – JosephDoggie Dec 31 '14 at 17:07
  • Furthermore, in Event Viewer, under Windows Logs --> System, there is an "Error" with exclamation mark (red) saying... Application pool specificAppPoolName has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool. – JosephDoggie Dec 31 '14 at 17:09
  • In the spirit of using command line, I also did a command line for the iis "site" itself, which has the following command line syntax: APPCMD.exe set vdir /vdir.name:"siteName/" /userName:"domainName\username" /password:"password0" [although this "works" as a command prompt command, it still doesn't fix the over-all problem] – JosephDoggie Dec 31 '14 at 18:28
  • I've been looking into this, and to add to the complexity, the account I'm working with keeps getting locked out, and I can't reset it and have to ask someone else to do so.... – JosephDoggie Dec 31 '14 at 20:11
  • I think this comes down to the domain account issue and that question may be better off in the Server Fault site. Have you tried ensuring the 'user must change password' option is off, 'password never expires' is on and 'user cannot change password' is checked when creating the user? Also check that the account has read/execute permission on the site folder. – avvi Jan 01 '15 at 15:58
  • I did give the account all the permissions on the folder, still doesn't work. – JosephDoggie Jan 02 '15 at 14:08

2 Answers

3

I was running into this same issue and checked everything on the list with nothing helping. My fix was to go to Computer Management, select Local Users and Groups and click Properties for the user with the issue. On the General tab, the check box "Account is locked out" was checked. I did not see this on any other user screen. Just a last thing to check if you are still having issues and everything else seems to be set up correctly.

Luckbox72
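The lockout check from this answer, together with the account options raised in the comments and the WAS errors quoted under the question, can be read in one pass before retrying the IIS dialog. This is an added example, not code from any poster on this page; it assumes a domain-joined machine and reuses the question's placeholders domainName and username. It prompts for the password instead of taking it on the command line, and it tests the password only once, because every failed attempt counts toward the lockout threshold.

```powershell
# Added example: pre-flight check for an app pool identity.
# 'domainName' and 'username' are the placeholders used in the question.
param(
    [string]$Domain = 'domainName',
    [string]$User   = 'username'
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ns  = 'System.DirectoryServices.AccountManagement'
$ctx = New-Object "$ns.PrincipalContext" ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $Domain)
$account = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
    $ctx, [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName, $User)
if (-not $account) { throw "Account $Domain\$User was not found." }

# 1. Account state: the same flags shown on the user's property pages.
#    An empty LastPasswordSet means the password must be changed at next logon.
$account | Select-Object SamAccountName, Enabled,
    @{ n = 'LockedOut'; e = { $_.IsAccountLockedOut() } },
    AccountLockoutTime, LastBadPasswordAttempt, BadLogonCount,
    PasswordNeverExpires, UserCannotChangePassword, LastPasswordSet |
    Format-List

# 2. Stop here if the account is locked: any password test would fail
#    and only adds another bad-password attempt.
if ($account.IsAccountLockedOut()) {
    Write-Warning "$Domain\$User is locked out. Have it unlocked before setting IIS credentials."
    return
}

# 3. Validate the password once, entered at a prompt so it never appears
#    in a command line or in shell history.
$cred = Get-Credential "$Domain\$User"
if ($ctx.ValidateCredentials($User, $cred.GetNetworkCredential().Password)) {
    Write-Output 'Credentials accepted by the domain.'
} else {
    Write-Warning 'Credentials rejected. Do not retry blindly; repeated failures lock the account.'
}

# 4. Recent WAS errors and warnings from the System log, e.g. the
#    "Application pool ... has been disabled" entry quoted in the comments.
Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-WAS'; Level = 2, 3
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```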
2

It turns out I didn't have sufficient permissions on the machine and someone in our server group was easily able to accomplish this. See also https://stackoverflow.com/questions/27432364/mvc-5-iis-7-5-double-hop-issue-avoid-hard-coded-sql-passwords/27550079#comment44092453_27550079 where I posted the following: (corrected a spelling error here, for some reason wouldn't let me edit there):

Another way of doing this is having the app pool run under a user account (preferably a domain account), then one uses the following settings in web.config: Integrated Security=false; Trusted_Connection=True; NOTE: I also use MultipleActiveResultSets=true; which helps with other issues... the relevant app pool account must be granted a SQL account with the relevant permissions for your app

JosephDoggie