L
L0rdV0ld3m0rt
Guest
After installing the Windows October patches (KB4519972, KB4519561, KB4515854, kb4516655) on several of our 2008 R2 servers, any IIS application pools that were running from a Local or Domain account would not start. The windows event error was Event ID: 5059 "Application pool --- has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool". When restarting the pool it just gives another WAS error. Also received the pictured error which prompted me to look at Log on as batch rights.
I tried uninstalling all the updates, as well as trying to roll back from .Net 4.7.2 to 4.5, and even did a full VM restore to before the updates and still the App pools will not start. I compared every single group policy (before & after) and they are identical. The account is part of local administrators, IIS_IUSRS, and has locally applied log on as batch rights. I could not find any recent changes to user accounts, The username/password definitely were not changed. We have AV installed but ran a full scan from another AV and returned clean. The resolve to get the App pools back up and running was to create a service account that had "Log on as batch rights" applied from the domain gpo.
Fast forward a week and we had another servers app pools go down with the same errors after a server reboot. However, this server hadn't been patched in 2 months and no changes had been made. The reboot made me think policy again so did a backup from 2 weeks prior and brought it up completely disconnected from the network. App pools down again. As far as I could tell the server was identical. If you notice in the screen shot that it's just displaying the SID - unfortunately since this was a backup from restore of the production server I can't confirm whether it's simply because it's a domain acct and this server is running completely offline, OR maybe the issue of displaying the SID and not being able to resolve the actual user name could be the root cause? The fix was the same. I added that service account to the Log on as Batch policy and it starts again.
So here I am after days of troubleshooting, I have a "fix" (forcing batch logon rights through domain policy), but after searching all the tech forums I still have no idea what the root cause is. If the SID issue could be the cause, then what would cause THAT to happen, and to 8 different servers over the course of a week?? The commonalities are Win Server 2008, IIS 7, and that the server was rebooted. Nothing else changed that I'm aware of. Please help!
Continue reading...
I tried uninstalling all the updates, as well as trying to roll back from .Net 4.7.2 to 4.5, and even did a full VM restore to before the updates and still the App pools will not start. I compared every single group policy (before & after) and they are identical. The account is part of local administrators, IIS_IUSRS, and has locally applied log on as batch rights. I could not find any recent changes to user accounts, The username/password definitely were not changed. We have AV installed but ran a full scan from another AV and returned clean. The resolve to get the App pools back up and running was to create a service account that had "Log on as batch rights" applied from the domain gpo.
Fast forward a week and we had another servers app pools go down with the same errors after a server reboot. However, this server hadn't been patched in 2 months and no changes had been made. The reboot made me think policy again so did a backup from 2 weeks prior and brought it up completely disconnected from the network. App pools down again. As far as I could tell the server was identical. If you notice in the screen shot that it's just displaying the SID - unfortunately since this was a backup from restore of the production server I can't confirm whether it's simply because it's a domain acct and this server is running completely offline, OR maybe the issue of displaying the SID and not being able to resolve the actual user name could be the root cause? The fix was the same. I added that service account to the Log on as Batch policy and it starts again.
So here I am after days of troubleshooting, I have a "fix" (forcing batch logon rights through domain policy), but after searching all the tech forums I still have no idea what the root cause is. If the SID issue could be the cause, then what would cause THAT to happen, and to 8 different servers over the course of a week?? The commonalities are Win Server 2008, IIS 7, and that the server was rebooted. Nothing else changed that I'm aware of. Please help!
Continue reading...