Recently while deploying one of our website to IIS of a new production server (Windows 2012 Server), I was facing a weird issue. Whenever a user tries to launch the website, the application pool was getting crashed with Error - 503.
The application pool was running under "ApplicationPoolIdentity" account.
After investigating the event logs, I found the root cause of the issue as below:
Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\VSCommon\14.0\SQM\sqmdata00.sqm to location \\?\C:\Users\XXXXX.IIS APPPOOL.008\AppData\Local\Microsoft\VSCommon\14.0\SQM\sqmdata00.sqm. This error may be caused by network problems or insufficient security rights.
DETAIL - Access is denied.
The issue was related to security which is quite apparent from the error message, but it was something new for me, especially after successfully deploying more than 100 ASP.NET websites.
After a lot of research, I found following had to be done to resolve this issue -
1. Open the properties of "Default" user (i.e., "C:\Users\Default". Location may defer based on the installation).
2. Under Security, click "Advanced" followed to that click "Change Permissions". This should open "Advanced Security Settings for Default" dialog box.
3. Tick "Replace all child object permissions with inheritable permissions for this object" check box.
4. Click Apply and OK.
Now restart the application pool, and try accessing the website. This should fix the issue.
However, for me, it didn't end there. This resolved the 503 error, I was able to see the website getting loaded in the browser, and application pool was not shutting down which was perfect solution. But now, it was not loading any unmanaged resources (i.e., css, js, images, etc).
Further more investigations suggested that all these resources were failing to load due to "401.3 Unauthorized" error.
After another round of research and googling, I found the root cause which was even more strange.
1. Open "Authentication" settings of the website under IIS.
2. Select "Anonymous Authentication", and click "Edit" button.
3. Check which option is selected under "Anonymous user identity". If it is "Specific user", then congratulations, your problem will be resolved in a minute.
4. Change the option to "Application pool identity", and click "OK"
Restart Application Pool, and relaunch the website.
This time, the website should load properly and all expected resources.
Hope this helps
