PRB: Logon Failure: Unknown User Name or Bad Password When You Run Out-of-Process Webs

Article translations Article translations
Article ID: 255770 - View products that this article applies to.
This article was previously published under Q255770
Expand all | Collapse all

SYMPTOMS

Requests to out-of-process applications may generate the following events in the system event log:
Event ID: 10004 Source: DCOM
DCOM got error "Logon failure: unknown user name or bad password." and was unable to logon .\IWAM_MYSERVER in order to run the server: {1FD7A201-0823-479C-9A4B-2C6128585168}

Event ID: 36 Source: W3SVC
The server failed to load application '/LM/W3SVC/1/Root/op'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.'

CAUSE

The IWAM_machine account may be out-of-sync. The IWAM_machine identity must be in synch in the metabase, the Security Account Manager (SAM), and COM+. Account information stored in the Internet Information Server (IIS) metabase is synchronized with the local SAM, but COM+ applications are not automatically updated.

RESOLUTION

IIS 5.0 provides Synciwam.vbs to update the launching identity of all IIS COM+ application packages that run out-of-process. The Synciwam.vbs script can be found in the \Inetpub\AdminScripts folder and can be run using Cscript or Wscript (see the Synciwam.vbs file for more information).

NOTE: Using Synciwam.vbs will reset all out-of-process applications (medium and high isolation) to IWAM_machine.

If SynchIWAM fails with the "empty username or password" error, it may be necessary to update the IWAM_ account manually in the IIS Out-Of-Process Pooled Applications object and all Web sites in which the Application Protection is set to High (Isolated).

For IIS 4.0

Check the Identity properties of each Web site. These packages are located under the Microsoft Transaction Server folder in the IIS Microsoft Management Console (MMC).
  1. In the IIS MMC, click to expand the Computers, My Computer, and Packages Installed nodes.
  2. Right-click each IIS Web site (that is, IIS - <Web_site_name>), and then click Properties.
  3. On the Identity tab, ensure that the IWAM_ account that is assigned to IIS Out-of-Process Pooled Applications appears in this window.
  4. On the Home Directory tab, if the Run in separate memory space (isolated process) check box is selected for any Web site, an object for that Web site also exists under the name IIS-<Web_site_name//root>.
  5. Repeat the preceding steps for each Web site that is running in separate memory space.

For IIS 5.0

Check the Identity properties of the IIS Out-of-Process Pooled Applications for Microsoft Transaction Server Properties and all Web sites that are set to High (Isolated) in the Application Protection list box on the Home Directory tab. These packages are located in the Adminstrative Tools/Component Services folder.
  1. Under the Console root, click to expand the Component Services, Computers, My Computer, and COM+ Applications nodes.
  2. Right-click the IIS Out-of-Process Pooled Applications object, and then click Properties.
  3. On the Identity tab, ensure that the IWAM_ account that is assigned to IIS Out-of-Process Pooled Applications appears in this window.
  4. Repeat the preceding steps for all Web sites that are set to High (Isolated) in the Application Protection list box (which are identifed as IIS-<Web_site_name//Root>).

STATUS

This behavior is by design.

Properties

Article ID: 255770 - Last Review: July 11, 2005 - Revision: 3.5
APPLIES TO
  • Microsoft Active Server Pages 4.0, when used with:
    • Microsoft Internet Information Server 4.0
    • Microsoft Internet Information Services 5.0
Keywords: 
kberrmsg kbprb kbsecurity kbsysadmin KB255770

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com