#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    1
    Rep Power
    0

    Unhappy Getting 403: Forbidden Access Is Denied Error, trying to secure a site using powershe


    I'm writing a script in powershell to lockdown a cloud environment website application. I have installed SSL, created groups/users in AD, disabled users, disabled app pools and and created app pools to summarize the script. Win 2008 r2 / iis7. When testing the site, I am getting a "403 Forbidden: Access is denied" When I check the system logs, I see the following three messages:

    Level: Error

    Source: WAS

    Event ID: 5059

    Application pool RiskChecker has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.

    Level: Warning

    Source: WAS

    Event ID: 5057

    Application pool RiskChecker has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.

    Level: Warning

    Source: WAS

    Event ID: 5021

    The identity of application pool XYZAppPool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.

    What do these messages mean, and can anyone point me in the direction of how to resolve this? Thank you.
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2012
    Posts
    17
    Rep Power
    0
    Hi,

    Looking at the error message, its definitely a permission issue.
    Make sure :

    1] your application have a proper application pool
    Or assign it a dedicated application pool for better isolation
    2] the application pool have necessary permissions over web application
    3] identity shown in application pool property is same for web site as well
    4] password of application pool is synced properly in application pool properly as well as for the actual user on server
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2012
    Posts
    17
    Rep Power
    0
    additionally make sure that the status of application pool of your web application is "Running"

IMN logo majestic logo threadwatch logo seochat tools logo