We have an IIS app hosted on Windows 2016 Server which runs fine when running as Local User or Network Service. One of the customers is setting up the application to run on a Service Account (probably a Group Managed Service Account).

When running under the service account, the worker process shows as running until a request is received from the browser, and then it stops (503 error on web page).

However, there is no crash log (WER), no Event log error, nothing in our application log, and nothing even in the ProcMon tool.

If the service account is added to the administrator group, then it does work fine.

Is there any way to track where the crash occurs, i.e. is it in IIS worker creation, .NET initialization, or in my application code?

Application Details:

Web application based on C# MVC 4.6.1. The IIS application binds to a self-signed certificate. UAC is enabled on the machine. We don't seem to be doing any registry access in the application code.

Notes:

In my environment, the application runs fine when run as "local" user account without administrator privileges.

Full permissions to the folder containing the application dlls under C:\Program Files\AppDir have been provided to the service account.

A Windows service, which works as the backend, uses the exact same business logic initialization code during startup as the web application, but it is able to run fine under the service account.

We tried providing permissions via IIS_USERS too.

Thanks

Ranganathan
  • You need to involve the domain administrators to see if any mandatory user rights have been denied on this service account, as IIS requires a lot https://support.microsoft.com/en-us/help/981949/description-of-default-permissions-and-user-rights-for-iis-7-0-and-lat – Lex Li May 16 '20 at 18:35
  • Thanks @LexLi. I guess I need to do that. – Ranganathan May 19 '20 at 06:35

0 Answers