We recently upgraded our SBS 2003 server to SBS 2011 - we followed the SBS Migration process (http://www.sbsmigration.com/
), which essentially results in migrating the existing AD from the 'old' SBS server / domain onto the new server. In a nutshell, here's the issue:
In our SBS 2003 configuration, we had an additional domain controller (Windows Server 2003, *not* R2) named 'ML2' - this ran a web service that we created in-house, which has been running without incident for several years. As part of the migration, the following changes were made to the 'ML2' server:
1) It was demoted to a member server in the domain (via DCPromo) - note that the domain did not change, i.e. the active directory / domain is the same as the SBS 2003 domain.
2) The server was renamed 'ML3' (as we replaced both of the 'old' DC's).
As mentioned above, this server (ML3, formerly DC ML2) is running an IIS 6 web service used by our business partners. The service now returns the generic 'Service Unavailable' message. Troubleshooting this further, I'm seeing the W3SVC Event 1021 : "The identity of application pool, 'PLDirectConnectAppPool' is invalid". The error number in the data field is: 80070569.
This application pool is using Configurable Identity, with the same domain user account that was working prior to our server migration. I've checked that this account is still a member of the IIS_WPG group, and also reset the password as a troubleshooting step.
Following another suggestion, in ML3's Group Policy editor (Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment), I added the IIS_WPG group to the following:
- Adjust memory quotas for a process
- Logon as a service
- Replace a process level token.
(Even though the web service / app pool worked fine pre-migration without these policies).
None of the above has eliminated the 'Invalid Application Pool' event, however.
As a further test, I created a new user account in the domain, and added that to the IIS_WPG group. I then created a new 'Test' Application pool using this account, and received the same error. As a further test, I added the test account to the Domain Admins group (same result) and then tried specifying the domain Administrator account as the Configurable Identity. Same result.
At this point, I'm a little confused and out of ideas about what might be wrong and how to further troubleshoot this issue.
Any ideas anybody?