When trying to install a web site on my test machine (IIS Server), I got Error 503 Service Unavailable. After a long discussion with my seniors and searching on the Internet, I found the solution to this problem. In my case, it was caused by incorrect application pool identity settings; sometimes it also happens because the Start Automatically property is set to false.
Before discussing the solution, let me explain what Application Pool Identities are.
Application Pool Identities:
IIS (Internet Information Services) is a service built into the Windows operating system.
IIS introduced a new security feature in Service Pack 2 (SP2) of Windows Server 2008 and Windows Vista.
It's called Application Pool Identities. Application Pool Identities allow you to run Application Pools under a unique account without having to create and manage domain or local accounts.
That is, the name of the Application Pool account corresponds to the name of the Application Pool.
The w3wp.exe process (you can see it on the Processes tab in Task Manager) is an IIS worker process running as the DefaultAppPool identity.
Application Pool Identity Accounts:
The worker processes in IIS 6.0, and in IIS 7 and above, run as NETWORK SERVICE by default. NETWORK SERVICE is a built-in Windows identity. It doesn't require a password and has only user privileges; that is, it is relatively low-privileged. Running as a low-privileged account is a good security practice because a software bug then can't be used by a malicious user to take over the whole system. However, a problem arose over time as more and more Windows system services started to run as NETWORK SERVICE: services running as NETWORK SERVICE can tamper with other services that run under the same identity.
Since IIS worker processes run third-party code by default (Classic ASP, ASP.NET, PHP code), it was time to isolate IIS worker processes from other Windows system services and run them under unique identities.
As I read, the Windows operating system offers a feature called "virtual accounts" that allows IIS to create a unique identity for each of its application pools.
Now let's get back to resolving the Error 503 Service Unavailable problem. To resolve it, you have to make some changes to the IIS configuration; these changes are described under the heading below.
Configuring IIS Application Pool Identities:
If you are running IIS 7.5 on Windows Server 2008 R2, you don't need to do anything to use the new identity.
For each Application Pool you create, the IIS Admin Process (WAS) will create a virtual account with the name of the new application pool and run the Application Pool's worker processes under this account.
If you are running Windows Server 2008, however, you have to change the IdentityType property of the Application Pools you create to ‘ApplicationPoolIdentity’. Here is how:
Step 1: Open IIS Manager (short command: inetmgr) with administrator privileges.
Step 2:
Open the Application Pools node underneath the machine node. Select the Application Pool you want to change to run under an automatically generated Application Pool Identity.
Here I’m selecting ‘PHPWebCalendar’ Application Pool.
Step 3:
Now right click on the selected Application Pool and click on the ‘Advanced Settings’ option.
Here, set the Start Automatically property to ‘true’ and the Identity property to ‘ApplicationPoolIdentity’.
Now click the ‘OK’ button and your configuration settings will be saved.
Note: To do the same step from the command line, you can call the appcmd command-line tool in the following way:
%windir%\system32\inetsrv\appcmd.exe set AppPool <your AppPool> -processModel.identityType:ApplicationPoolIdentity
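The same two settings can be checked across every pool and corrected from PowerShell. This is an added example, not part of the original article; it assumes an elevated PowerShell session on the IIS server with the WebAdministration module available, and it reuses the ‘PHPWebCalendar’ pool name from Step 2.

```powershell
# Added example: audit all application pools for the settings changed in
# Step 3, then correct one pool and make sure it is running.
Import-Module WebAdministration

function Get-AppPoolAudit {
    # One row per pool: run state, autoStart and the configured identity.
    Get-ChildItem IIS:\AppPools | Select-Object Name, State,
        @{ n = 'AutoStart';    e = { $_.autoStart } },
        @{ n = 'IdentityType'; e = { $_.processModel.identityType } },
        @{ n = 'UserName';     e = { $_.processModel.userName } }
}

function Repair-AppPool {
    param([Parameter(Mandatory = $true)][string]$Name)

    $path = "IIS:\AppPools\$Name"
    if (-not (Test-Path $path)) { throw "Application pool '$Name' not found." }

    # The same two properties as in the Advanced Settings dialog.
    Set-ItemProperty $path -Name autoStart -Value $true
    Set-ItemProperty $path -Name processModel.identityType -Value ApplicationPoolIdentity

    # A stopped pool answers every request with 503, so start it if needed.
    if ((Get-WebAppPoolState -Name $Name).Value -ne 'Started') {
        Start-WebAppPool -Name $Name
    }
    Get-AppPoolAudit | Where-Object { $_.Name -eq $Name }
}

# List pools that are stopped, not auto-started, or not using ApplicationPoolIdentity.
Get-AppPoolAudit |
    Where-Object { $_.State -ne 'Started' -or -not $_.AutoStart -or
                   $_.IdentityType -ne 'ApplicationPoolIdentity' } |
    Format-Table -AutoSize

# Pool name taken from Step 2 of the article.
Repair-AppPool -Name 'PHPWebCalendar'
```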
Securing Resources:
Whenever a new Application Pool is created, the IIS management process creates a security identifier (SID) that represents the name of the Application Pool itself.
For example, if you create an Application Pool with the name ‘MyAppPool’ a security identifier with the name ‘MyAppPool’ is created in the Windows Security system.
From this point on, resources can be secured by using this identity.
However, the identity is not a real user account; it will not show up as a user in the Windows User Management Console.
You can try this by selecting a file in Windows Explorer and adding the ‘DefaultAppPool’ identity to the file's Access Control List (ACL).
- Open Windows Explorer
- Select a file or directory.
- Right-click the file and select "Properties"
- Select the "Security" tab
- Click the "Edit" and then "Add" button
- Click the "Locations" button and make sure you select your machine.
- Enter ‘IIS AppPool\DefaultAppPool’ in the ‘enter the object names to select:’ text box.
- Click the ‘Check Names’ button and click ‘OK’.
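The Explorer steps above can also be scripted. The following is an added example, not part of the original article: it grants a pool's virtual account read-and-execute access to a content directory and then lists any entries where an application pool identity holds write rights. The path C:\inetpub\wwwroot\demo is a hypothetical placeholder, and the script assumes an elevated PowerShell session.

```powershell
# Added example: give 'IIS AppPool\<pool>' read access to a directory and
# review what application pool identities can write there.
function Grant-AppPoolRead {
    param(
        [Parameter(Mandatory = $true)][string]$PoolName,
        [Parameter(Mandatory = $true)][string]$Path
    )
    $account = New-Object System.Security.Principal.NTAccount("IIS AppPool\$PoolName")

    # Resolve the name to its SID first; Translate throws if Windows cannot
    # map the name, which catches a mistyped pool name before the ACL changes.
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

    # Read and execute only, inherited by files and subdirectories.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    return $sid.Value
}

function Get-AppPoolWriteAccess {
    param([Parameter(Mandatory = $true)][string]$Path)
    $write = [int][System.Security.AccessControl.FileSystemRights]::Write

    # Allow entries for any 'IIS AppPool\*' identity that include write bits.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -like 'IIS AppPool\*' -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $write) -ne 0
    } | Select-Object IdentityReference, FileSystemRights, IsInherited
}

$contentPath = 'C:\inetpub\wwwroot\demo'   # hypothetical content directory
Grant-AppPoolRead -PoolName 'DefaultAppPool' -Path $contentPath
Get-AppPoolWriteAccess -Path $contentPath | Format-Table -AutoSize
```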
Summary:
Application Pool Identities are a powerful new isolation feature introduced for Windows Server 2008, Windows Vista, Windows 7 and Windows Server 2008 R2.
They make running IIS applications even more secure and reliable.
mohan venkat
12-Apr-2017