Hope I'm in the correct wheelhouse.
Frankly, I'm totally unsure why this is happening.
So, if I want to change the identity in an apppool in windows to a domain user, I goto
IIS manager -> app Pool -> advanced setting -> scroll down to identity -> make change
Everything works as expected.
But, if I run appcmd.exe or with powershell Set-Itemproperty
appcmd.exe set config /section:applicationPools "/[name='$site'].processModel.identityType:SpecificUser" `
"/[name='$site'].processModel.userName:DOMAIN\USERNAME" "/[name='$site'].processModel.password:PASSWORD"
Set-ItemProperty IIS:\AppPools\$site -name processModel -value @{userName=DOMAIN\USERNAME;password=PASSWORD;identitytype=3}
The second we try to use the app, the pool dies.
WAS Event ID 5021
The identity of application pool $site is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
I've searched around for a solution, and people are suggesting this.
Run aspnet_regiis -ga DOMAIN\USER to add permissions to access the IIS Metabase.
What I would like to know is why can't I programmatically set the identity? Also, I do not know if the above is the fix for my issue, but when I enter the username and password in the GUI, is that happening in the background somewhere?
And is the above documented anywhere? I don't see it documented, but there are many post stating running aspnet_regiis solved this exact issue.
Any ideas or assistance would be appreciated.
Thanks.