IIS 503 Service Unavailble

Hello Experts.  I have exhaustively tried to make IIS 7.5 work on Windows 7 pro.  This is a brand new, clean install.  I've made sure I am logged on as a local administrator and I have unregistered/re-registered ASP 2.0.  I'm not trying to do anything fancy.  I simply want the default page to come up.  I can't think of anything else to do.  The solution may be staring me in the face but I'm not seeing it.  I've looked through a number of threads on the internet but I haven't come across a solution.  Below is the error I receive.

The worker process for application pool 'DefaultAppPool' encountered an error 'Cannot read configuration file due to insufficient permissions ' trying to read configuration data from file '\\?\C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config', line number '0'.  The data field contains the error code.

Source: IIS-W3SVC-WP
Event ID: 2307

After entering http://localhost/ the DefaultAppPool stops.

Please tell me what I'm doing wrong.  Thanks!
CMWintersAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve BinkCommented:
It sounds like the installation did not assign the appropriate permissions.  Using the aspnet_regiis tool (found in %windir%\Microsoft.Net\Framework\<version_number>) should take care of that as well, and is the prescribed method for resolving this particular permissions issue.  If still no joy, take a look here:

http://serverfault.com/questions/81165/how-to-assign-permissions-to-applicationpoolidentity-account

Specifically:

icacls c:\inetpub\wwwroot /grant "IIS APPPOOL\DefaultAppPool":(OI)(CI)(RX)

Change the path (c:\inetpub\wwwroot) to the path presented in the error.  Once you run that command, you can then modify the security settings through the normal properties page available in Windows Explorer.  The application pool identities are "invisible" accounts unless you have set them up to run as specific users.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CMWintersAuthor Commented:
Thanks for the help.  What access would you give the config file?  This will be for a domain user who'll be developing web pages that will be hosted on a different server.  It's only for them to test their stuff. I gave full control to IIS_IUSRS (PCNAME\IIS_USRS). I know this is not advised but I just wanted to see if it would work. Should I just give the domain account access to this file?  Thanks again!
Steve BinkCommented:
>>> I gave full control to IIS_IUSRS (PCNAME\IIS_USRS).

That is a *horrible* idea.  The machine.config file controls the base configuration of the .NET framework for the whole server.

Also take a look here:  http://support.microsoft.com/kb/329065.  

The fact is that these permissions should be set automatically by the server.  If they are not being set (or appear to not be set), you're identifying a symptom, not the problem.  The icacls work-around is just that - it works around the problem by addressing the symptom.

If it is necessary, set to minimum permissions to allow your application to work.  Microsoft says the local admins should have read-write.  Remember that you are not setting permissions for the user.  You are setting permissions for the user account shown in the application pool's identity, i.e., the user the application will run as.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Servers

From novice to tech pro — start learning today.