August 15th, 2011, 12:19 PM
Getting 403: Forbidden Access Is Denied Error, trying to secure a site using powershe
I'm writing a script in powershell to lockdown a cloud environment website application. I have installed SSL, created groups/users in AD, disabled users, disabled app pools and and created app pools to summarize the script. Win 2008 r2 / iis7. When testing the site, I am getting a "403 Forbidden: Access is denied" When I check the system logs, I see the following three messages:
Event ID: 5059
Application pool RiskChecker has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
Event ID: 5057
Application pool RiskChecker has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.
Event ID: 5021
The identity of application pool XYZAppPool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
What do these messages mean, and can anyone point me in the direction of how to resolve this? Thank you.
January 29th, 2012, 11:37 AM
Looking at the error message, its definitely a permission issue.
Make sure :
1] your application have a proper application pool
Or assign it a dedicated application pool for better isolation
2] the application pool have necessary permissions over web application
3] identity shown in application pool property is same for web site as well
4] password of application pool is synced properly in application pool properly as well as for the actual user on server
January 29th, 2012, 11:39 AM
additionally make sure that the status of application pool of your web application is "Running"