ArchiveOne Enterprise, all versions
When you access one of the ArchiveOne web services (e.g. the ArchiveOne Search page) the web page fails to load with error:
HTTP Error 503. The service is unavailable.
You find the application pool 'ArchiveOne' is not running in IIS Manager. You are able to start the ArchiveOne application pool, however whenever you attempt to access the ArchiveOne Search web page it fails to load and the application pool stops running again.
In the Windows System event log, you see the Warning Event ID 5021 for WAS:
The identity of application pool Archive One is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
This is followed by Warning Event ID 5057 for WAS:
Application pool Archive One has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.
And finally Error Event ID 5059 for WAS:
Application pool Archive One has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
There can be a number of causes of this issue:
- The application pool identity is not correct.
- The ArchiveOne service account password is incorrect or has changed, or the account is locked.
- The ArchiveOne service account is not a member of the correct local security groups on the web server.
- The ArchiveOne service account does not have the necessary permissions over the Windows 'Temp' directory.
- The ArchiveOne service account does not have the necessary rights to run as a service or logon as a batch job.
To resolve this issue, you will need to check each of the possible causes.
Confirm the ArchiveOne application pool identity and password are correct:
- The ArchiveOne service account name can be determined as follows:HOWTO: Determine the current ArchiveOne Enterprise (Policy) configuration.
- Once you have determined the ArchiveOne service account name, check that account is not locked in Active Directory Users & Computers.
- Open IIS Manager on the server(s) hosting the ArchiveOne web services. If you are unsure as to which servers host the ArchiveOne web components, refer to How to Determine the Current Installation Configuration Settings in the Barracuda TechLibrary.
- In IIS Manager, expand the server name in the left hand pane and select 'Application Pools'.
- Confirm that the domain account listed against the application pool 'Archive One' in the 'Identity' column is the ArchiveOne service account name.
- Update the application pool identity by right-clicking the 'Archive One' application pool and selecting 'Advanced Settings'.
- Under the 'Process Model' section, click in the 'Identity' field and then click the '...' button.
- In the Application Pool Identity window, ensure 'Custom account' is selected and click the 'Set' button.
- In the Set Credentials window, enter the ArchiveOne service account name in the 'User name' field in the form DOMAIN\USERNAME e.g. CUDA\ArchiveOneAdmin.
- Enter the ArchiveOne service account password in the 'Password' and 'Confirm Password' fields and click 'OK'. If the password you have entered is incorrect you will get a warning if the account is unable to login with the provided credentials.
- Click 'OK' to close the remaining configuration windows and save your settings.
- Now right-click the Archive One application pool and select 'Start'.
- Once started, check if you can access the ArchiveOne search page successfully. If not, proceed to the next section.
Confirm the ArchiveOne service account local security group membership:
- On each of the web server(s), open Server Manager.
- Expand 'Configuration' > 'Local Users and Groups' > 'Groups'.
- Right-click the IIS_IUSRS group and select 'Properties'.
- If the ArchiveOne service account is not a member of the group, click 'Add' to add this account.
- If you have updated the group membership, recycle the ArchiveOne application pool in IIS Manager as before and retest access to the ArchiveOne search page.
Confirm the ArchiveOne service account NTFS permissions on the Windows 'Temp' directory:
- On each of the web server(s), browse to: C:\WINDOWS\Temp.
- Right-click the Temp folder and select Properties.
- Select the Security tab and confirm that the ArchiveOne service account, or a security group which it is a member of, has Full Control permissions.
- If not, add Full Control permissions for the ArchiveOne service account on this folder.
- Now recycle the ArchiveOne application pool in IIS Manager as before and retest access to the ArchiveOne search page.
Confirm the ArchiveOne service account user rights assignment:
- On each of the web server(s), run 'secpol.msc'.
- In the Local Security Policy console, expand Local Policies and select User Rights Assignment.
- Double-click the 'Log on as a service' right and check the ArchiveOne service account is listed. If not, add the ArchiveOne service account.
- Double-click the 'Log on as a batch job' right and check the IIS_IUSRS group is listed. If not, add this group.
- Double-click the 'Deny log on as a service' right and check the ArchiveOne service account is not listed. If the account is listed then remove it.
- Double-click the 'Deny log on as a batch job' right and check the ArchiveOne service account is not listed. If the account is listed then remove it.
- If you have modified the user rights, now recycle the ArchiveOne application pool in IIS Manager as before and retest access to the ArchiveOne search page.
The ArchiveOne Search page should now be accessible.
Link To This Page: