IIS App Pool Getting Stopped – An Investigation

One fine morning on Friday, we were reported an issue with IIS. The issue was that the application pools in IIS is getting stopped once the related website is browsed, hence resulting in HTTP Error 503 : Service Unavailable. It was also reported that the development team has not done anything specific in their code, which means issue is unexpected.

I started investigating the issue from Event Logs in windows. I could find a related event there as shown below:

IIS App Pool Warning


From the above event, I got an idea of what the issue is, either the credentials are wrong or it is something to be done with group policy (Log on as batch rights). I was pretty sure that for the service accounts associated with the application pool, we would give Password Never Expires in Active Directory.

The first step I did was to check the credentials set in the application pool. I cleared the preset credentials (by changing the App Pool Identity to some Built-In account) and again I entered the credentials manually. Starting the application pool and browsing the site resulted in the same error. So, again it was not an issue with the credentials.

Second step I tried was checking the group policy of this web server. I couldn’t find any group policy applied as batch logon rights. In RSOP, I could see for only one setting domain wide policy is set whereas for other GP settings, local wide is selected.

Googling was my next trial and I saw this post. From the link, I could understand that from IIS7 all the credentials set against application pool is mapped to IIS_IUSRS group. And this group is a member of Logon as a batch job group policy.

Again validating the group policy (both local and domain wide), I could find the issue. For resolving another issue, I applied a domain wide policy in Logon as a batch job, on the previous day and this overrode the local domain policy applied in the web server. Once I rolled back the change in domain wide policy, the application pool started working fine.

IIS Group and its policies was a new information for me and hence posting this issue with its full details here, hoping that it would help anyone in this world. Know more about Group Policies and its application here.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s