ASP.NET uses the default ASPNET account on a domain controller not to run normally!

Symptoms After installing Microsoft Visual Studio .NET or Microsoft .NET Framework on a domain controller or backup domain controller, if you try to run the ASP.NET application, the browser will display the following error message:

Server Application UNAVAILABLE

The Web Application You Are Attempting to Access On this Web Server IS Currently Unavailable.

Please hit the "refresh" Button in Your Web Browser to Retry Your Request.

In addition, the following events are logged in the system application event log:

ASPNET_WP.EXE COULD NOTBE LAUNCHED BECAUSE The UserName and / or Password Supplied in The ProcessModel Section of The Config File Are Invalid.

ASPNET_WP.EXE COULD NOT BE Started.

HRESULT for the failure: 80004005

This issue involves Internet Information Services (IIS) version 5.0 or higher.

Cause By default, in order to provide a safer environment, ASP.NET runs its auxiliary process (ASPNET_WP.EXE) with a weaker account (named the ASPNET's local computer account). On domain controllers or backup domain controllers, all user accounts are domain accounts instead of local computer accounts. Therefore, ASPNET_WP.EXE will not start because of the local account named "localmachinename / aspnet" that is not found. To provide a valid user account on the domain controller, you must specify an explicit account in the section of the Machine.config file, or you must use the System account.

Note: If you try to debug before trying to browse the page (click

Start button) will also encounter this problem.

Solution To resolve this issue, use one of the following methods:

Create a weak account with correct permissions, then configure the section of the Machine.config file to use the account. In the section of the Machine.config file, set the username property to System. Configure the section of the Machine.config file to use the administrator account.

Note: In ASP.NET 1.1, the ASPNET's process identifies IWAM_MACHINENAME, so there is no such problem.

Note: If the ASP.NET application is allowed to run as a System or administrator account, it will bring serious security issues. If any of these alternatives, the code running in the ASPNET_WP.EXE process will have the right to access domain controllers and domain settings. The executable starting from the ASPNET_WP.EXE process runs in the same context, and they also have access to domain controllers.

Therefore, Microsoft recommends using the first alternative method. To use the first alternative, follow these steps:

Create a user account called ASPUSER on your computer, then add this account to the user group. Note: This account can also be used if you change the password of the ASPNET account created by .NET Framework. You must know the password of this account because you need to add this password to the section in the later step. Grant the ASPUSER or ASPNET account "as a batch job login" user permission. Make sure this change appears in the Local Security Policy settings. Note: To grant "as a batch job login" user permission to grant this account, you may have to grant this user permission in each of the following security policies (starting from the control panel / management tool): Domain Controller Security Policy Domain Security Policy Local Security Policy Note: You may have to restart the server so that these changes take effect. Make sure that the ASPUSER or ASPNET account has the right to access all catalogs and files necessary for the ASPNET_WP.EXE process and provide services for the ASP.NET page. For additional information about what permissions that must be granted this account, click the article number below to see the article in the Microsoft Knowledge Base: 317012 Info: ASP.NET and request ID Open the Machine.config file. The path of this file is:% systemroot% / Microsoft.Net / Framework / V1.0.3705 / Config. In the section of the Machine.config file, change the username and password properties to the name and password of your account you created in the first step. For example: username = "domainname / aspuser" password = "aspuserpassword" saves changes to the Machine.config file.

Status Microsoft has confirmed that this is an error existing in the Microsoft product listed in this article. This error is corrected in ASP.NET (including in .NET Framework) 1.1.