When you access one of the ArchiveOne web services (e.g. the ArchiveOne Search page) the web page fails to load with error:
HTTP Error 503. The service is unavailable.
You find the application pool 'PSTEnterprise' is not running in IIS Manager. You are able to start the PSTEnterprise application pool, however whenever you attempt to access the PST Enterprise administration website it fails to load and the application pool stops running again.
In the Windows System event log, you see the Warning Event ID 5021 for WAS:
The identity of application pool PSTEnterprise is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
This is followed by Warning Event ID 5057 for WAS:
Application pool PSTEnterprise has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.
And finally Error Event ID 5059 for WAS:
Application pool PSTEnterprise has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
There can be a number of causes of this issue:
· The application pool identity is not correct.
· The PSTEnterpriseAdmin account password is incorrect or has changed, or the account is locked.
· The PSTEnterpriseAdmin account is not a member of the correct local security groups on the web server.
· The PSTEnterpriseAdmin account does not have the necessary permissions over the Windows 'Temp' directory.
To resolve this issue, you will need to check each of the possible causes.
1. Confirm the PSTEnterprise application pool identity and password are correct:
a. Check that PSTEnterpriseAdmin account is not locked in Active Directory Users & Computers.
b. On the PST Enterprise server, launch IIS Manager, expand the server name in the left hand pane and select 'Application Pools'.
c. Confirm that the domain account listed against the application pool 'PSTEnterprise' in the 'Identity' column is the PSTEnterpriseAdmin account name.
d. If it is incorrect, update the application pool identity by right-clicking the 'PSTEnterprise' application pool and selecting 'Advanced Settings'.
e. Under the 'Process Model' section, click in the 'Identity' field and then click the '...' button.
f. In the Application Pool Identity window, ensure 'Custom account' is selected and click the 'Set' button.
g. In the Set Credentials window, enter the PSTEnterpriseAdmin account name in the 'User name' field in the form DOMAIN\USERNAME e.g. CUDA\PSTEnterpriseAdmin.
h. Enter the PSTEnterpriseAdmin account password in the 'Password' and 'Confirm Password' fields and click 'OK'. If the password you have entered is incorrect you will get a warning if the account is unable to login with the provided credentials.
i. Click 'OK' to close the remaining configuration windows and save your settings.
j. Now right-click the PSTEnterprise application pool and select 'Start'.
k. Once started, check if you can access the PST Enterprise Administrative website successfully. If not, proceed to the next section.
2. Confirm the PSTEnterpriseAdmin account local security group membership:
a. On the PST Enterprise server, open Server Manager.
b. Expand 'Configuration' > 'Local Users and Groups' > 'Groups'.
c. Right-click the IIS_IUSRS group and select 'Properties'.
d. If the PSTEnterpriseAdmin account is not a member of the group, click 'Add' to add this account.
e. If you have updated the group membership, recycle the PSTEnterprise application pool in IIS Manager as before and retest access to the PST Enterprise Administrative website.
3. Confirm the PSTEnterpriseAdmin account NTFS permissions on the Windows 'Temp' directory:
a. On the PST Enterprise server, browse to: C:\WINDOWS\Temp.
b. Right-click the Temp folder and select Properties.
c. Select the Security tab and confirm that the PSTEnterpriseAdmin account, or a security group which it is a member of, has Full Control permissions.
d. If not, add Full Control permissions for the PSTEnterpriseAdmin account on this folder.
e. Now recycle the PSTEnterprise application pool in IIS Manager as before and retest access to the PST Enterprise Administrative website.
4. Confirm the PSTEnterpriseAdmin account user rights assignment:
a. On the PST Enterprise server run 'secpol.msc'.
b. In the Local Security Policy console, expand Local Policies and select User Rights Assignment.
c. Double-click the 'Log on as a batch job' right and check the IIS_IUSRS group is listed. If not, add this group.
d. Double-click the 'Deny log on as a batch job' right and check the PSTEnterpriseAdmin account is not listed. If the account is listed, then remove it.
e. If you have modified the user rights, recycle the PSTEnterprise application pool in IIS Manager as before and retest access to the PST Enterprise Administrative website.
The PST Enterprise Administrative website should now be accessible.