We have an IIS 7.5 server farm set up using shared config. The config files were exported to a network share accessible to both machines. We know the shared config is working because everything is synched -- new sites, site bindings, URL rewrite rules -- everything except the app pool identity SIDs.
Creating an app pool in IIS 7.5 triggers the creation of a new app pool identity with a SID beginning with S-1-5-82 (more info). With shared config enabled, the app pool shows up on both nodes because it's stored in ApplicationHost.config, but its corresponding SID is only created on the node where I went through the "Add Application Pool" process.
I can open Computer Management on the first node and see the app pool identity in the IIS_IUSRS group. However, on the other node, this group is empty.
Is this a bug in IIS, or did we do something wrong with our shared config?
Update: The IIS_IUSRS group is inconsequential. The manifestation of the issue is that I can assign file permissions to the app pool identity on one node but not the other. It's similar to the topic of this question, but running IISRESET doesn't fix it on the second node.