I'm hoping someone will be able to help solve this problem I'm having, because it's driving me absolutely insane. I have been fighting with this for over a week now and cannot for the life of me figure out what setting is not configured properly.

My problem is that my IUSR and IWAM accounts are included in the Administrators group. Big issue, obviously. If I remove them, everything fails. I either can't access the site (IUSR) or the application doesn't work (IWAM). This is what my logs show me for each:

IUSR:

IWAM:

The first thing that stood out to me in those errors were the types. A 4 is supposedly a batch job and an 8 is NetworkClearText.

There are a couple of other messages I get when the IWAM is taken out, saying that my application pool is invalid but I think the root cause is the error above.

I have changed user right assignments, passwords, users, permissions as much as I can think to and still haven't been able to get it resolved. Most of the advice I received elsewhere was that I had something out of sync but how would an out-of-sync password/account be the issue if it works with admin privileges? It just seems to me there's another setting that I might be missing somewhere. All I know is that my final solution is about to be taking a bat to the computer

Any suggestions are certainly welcome and greatly appreciated!

Thanks,
Bill

Hey Armando,

Thanks for the reply. You are correct, IIS6 on a Server 2003 box.

IUSR is actually in both, Users and WPG. IWAM is only in WPG.

There is no ISAPI in use.

Thanks again. I appreciate your suggestions. These are things I have tried, but I did go back through that list and do it again just to be sure. I still receive the same results.

In addition to the errors posted above, which I think is where the underlying issue is (not being able to logon), I also get the below errors in my system log. I don't think it has anything to do with identity's and their passwords, as everything logs in and works perfectly - if they are added to the admin group. If not in the admin group, they can't logon. I even tried a simple 'runas' command to open a prompt as the IUSR and that too failed.

Service Unavailable.

The main site/application is run from that Default Application Pool. So if that can't start, the application doesn't work.

I don't think I can, but I will explore that with our vendor. There are several different application pools (they did all the configurations for their application), so I'm not sure what effort/time would be required to bring those back up.

GOT IT!!! 

http://support.microsoft.com/?id=285665


That did it. That damn policy was something I had recently changed per a checklist item. Apparently that's what was causing my issues.

Everything is back to normal and running as non-privileged users.

Armando and Ketchup, thank you both for your help and suggestions!!

Good thing it's Friday, I need a drink

Bill,

Check user rights.  I found that on my box, IUSR was a member of the guest group and guests where denied access to the system both locally and over the network.