Forum / Devolutions Password Server - Support

Application Pool is stopping

  • Create an Issue
  • Cancel

DPS version 6.1.3.0

Try to connect from RDM, error is "server unavailable". Look on DPS server, IIS Manager. dvls application pool is stopped. Start application pool, refresh RDM. pool shows stopped again.

Event log shows these errors:

The identity of application pool dvls is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.

Application pool dvls has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.

Application pool dvls has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.

I checked the domain account I use for the app pool, password is set to never expire. I changed it anyways.

I set up the DPS server to use integrated securtity (https://helpserver.devolutions.net/index.html?configure_integratedsecurity.htm), and has been working since installation.

Clock4 mths

Hello,

We're sorry you're experiencing issues with DPS (formerly known as DVLS).
Might it be possible that this account has been removed from SQL-Server?
If this Account has the right to open a Windows Session, you can try to login in windows and run MS SQL Server Management Studio (or even use RunAs to run MS SQL-S Management Studio).
You will then be able to see if the issue is on IIS side or SQL-Server Side.

Thanks for keeping us in touch.


Best regards,



Alex Belisle

signaturesignature

Clock4 mths

Pretty sure it's IIS.

1) change pool identify to LocalService, it works (in sql management studio the LocalService account is mapped to dvls\dbo schema)
2) I ran sql management studio as the service account, it authenticates and I can access the database.

Clock4 mths

"the data filed contains the error" from the event log entry above is 80070569, which is
0x80070569: Logon failure: the user has not been granted the requested logon type at this computer.
Verify that the task's Run-as name and password are valid and try again.


I've tried all the fixes I could find, log on as batch, impersonate after authentication, etc with no luck. I also created new domain accounts to try. In your documentation for setting up integrated security, there's no mention of these settings. When I initially set it up according to the directions it was successful. not sure if something changed with our group policy, but since there's no requirements in your instructions related to the domain account, I don't know where exactly to look.

Clock4 mths

Hello,

Thanks for your response.

Indeed our documentation states not GPO settings and assumes that no special restrictions are applied.
Unfortunately, the error you are getting right now is a very isolated case.
The fact that the LocalService does work indicates that IIS and app pool are working properly.

From what I read, it might have been caused by a change in policies.
Did you try the solution recommended here : https://social.technet.microsoft.com/Forums/Azure/en-US/83741b68-a69a-4b2d-a5a7-64b69e15868b/scheduled-task-failing-0x80070569-logon-failure-the-user-has-not-been-granted-the-requested-logon?forum=winservergen

Thanks for keeping us in touch.

Best regards,



Alex Belisle

signaturesignature

Clock4 mths

It was the "log on as batch" GPO as you eluded to. My default gpo was set to administrators and backup operators, so I added my domain account to the backup operators group. This did not work. If I explicitly put the domain account in the "log on as batch" gpo, then it worked. The account I had initially set up was not in the GPO explicitly nor had group membership in administrators or backup operators, so I still don't know why it stopped working.

Clock4 mths

Hello,

Thanks for the feedback, much appreciated.
Very glad it works now.
I'm wondering if it would have been possible that this setting was corrected in a previous session, and a reboot would have reapplied this setting...

Anyhow, it's fixed and that's what counts.

Best regards,



Alex Belisle

signaturesignature

Clock4 mths