in

ASP.NET Weblogs

Dave Burke - A freelance .NET Developer specializing in Online Communities

A freelance .NET Developer

IIS 6.0 App Pool Local User Accounts and a Windows Security Update Sting

Started the day with a client email telling me the site was unavailable, as in

Service Unavailable

unavailable.

Seems the network admin applied the latest Windows 2003 Security Update on the machine last night, which, little did I anticipate, change the IIS6 process identity.  From a google thread:

The process identity for IIS6 changed from Local System to Network Service for security reasons since it is bad security practice to run as "Local System" -- one successful buffer-overrun means your box is hacked (like Code Red/Nimda).

Fortunately I found that within a minute of two of googling on ((security and update) and "service unavailable".)  Another instance where library school paid off.  Hm, interesting topic for another post....

Changing the site's application pool from the app pool with the local user to the default application pool did the trick.  I encountered and fixed other permissions-related errors as a result of the security changes, but it was an annoyance that with no warning sites are crashing due to a windows security update.  And now, I guess, local accounts are a bad thing.  

Published May 27 2004, 05:57 PM by daveburke
Filed under:

Comments

 

Simon M said:

I hit more or less the same problem - have you any idea which service pack caused this problem?
June 17, 2004 9:34 AM
 

Dave Burke said:

Simon, I asked my network admin and he didn't know, only because he installs MS patches and updates so regularly that he doesn't record the specifics on the patches. Sorry. I can tell you the patch had to have come out in the week or two preceding the event (May 27) if that helps.
June 17, 2004 9:47 AM
 

Simon M said:

Thanks for checking - I guessed it had to be. My server abended yesterday during the day and I received this message. After talking to Microsoft for several hours (the suggestion being to reinstall IIS6), I applied your change and restarted the server and all was well.

So a big thanks for your help!
June 17, 2004 11:51 AM
 

Dave Burke said:

Simon, That's fantastic! Beats the heck out of reinstalling IIS6!
June 17, 2004 1:25 PM

Leave a Comment

(required)  
(optional)
(required)  
Add
Terms of Use