FIX: ASP.NET does not work with the default ASPNET account on a domain controller
Retired KB Content Disclaimer
The web application you are attempting to access on this web server is currently unavailable.
Please hit the "Refresh" button in your web browser to retry your request.
aspnet_wp.exe could not be started.
HRESULT for the failure: 80004005
Note If you try to debug (click the Start button) before you try to browse to the page you can experience the exact same problem.
- Create a weak account that has the correct permissions, and then configure the <processModel> section of the Machine.config file to use that account.
- Set the userName attribute to SYSTEM in the <processModel> section of the Machine.config file.
- Configure the <processModel> section of the Machine.config file to use an administrator account.
Therefore, Microsoft recommends that you use the first workaround. To use the first workaround, follow these steps:
- Create a user account on the computer named ASPUSER, and then add this account to the Users group.
Note You can also use the ASPNET account that the .NET Framework created if you change the password on this account. You must know the password on this account because you add the password to the <processModel> section later in these steps.
- Grant the ASPUSER or the ASPNET account the Log on as a batch job user right. Make sure that this change appears in the Local Security Policy settings.
Note To grant the Log on as a batch job user right on this account, you may have to grant this user right in each of the following security policies (From the Control Panel/Administrative Tools):
- Domain Controller Security Policy
- Domain Security Policy
- Local Security Policy
Note You may have to reboot the server for these changes to take effect.
- Make sure that the ASPUSER or the ASPNET account has permission to access all of the necessary directories and files to start the Aspnet_wp.exe process and to serve the ASP.NET pages.For additional information about what permissions you must grant to this account, click the following article number to view the article in the Microsoft Knowledge Base:317012 Process and request identity in ASP.NET
- Open the Machine.config file. The path to the file is: %Systemroot%\Microsoft.NET\Framework\v1.0.3705\CONFIG.
- In the <processModel> section of the Machine.config file, change the userName and the password attributes to the name and the password of the account that you created in step 1. For example:
- Save the changes to the Machine.config file.
Article ID: 315158 - Last Review: 12/19/2007 16:37:36 - Revision: 5.3
- kbproductlink kbfix kbbug kbconfig kbhttpruntime kbreadme kbsecurity KB315158