IIS7.5 App Pools & Network Shares

I'm running IIS7.5 and have several .NET 4.0 sites running on IIS.

One of these sites, we'll call it "Site A", is using network sharing and it works.

Another site, call it "Site B", also uses network sharing (to the same shares Site A accesses), but it doesn't work. I get "access denied" errors.

I went to Site B's app pool and changed the "Identity" to "NetworkService" and Site B was able to start accsessing network shares.

The problem is, Site B's app pool and Site A's app pool were set up identically. Site A's app pool uses the "ApplicationPoolIdentity" identity and it's able to access the shares with no problem.

Can anyone explain why and let me know how to get Site B to access network shares using the "ApplicationPoolIdentity" identity?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

infotechelgAuthor Commented:
The only difference between the two sites is that Site B is an MVC application, and Site A isn't. Though, I don't see how that could make a difference when it comes to my issue.
Brad HoweDevOps ManagerCommented:
Should work fine IF they are identical. The applicationPool identity impersonates this user <domain-mname>\<machine-name>$ when accessing network resources.

Please run the following and compare:

c:\Windows\System32\inetsrv>appcmd list APPPOOL "YOUR APP POOL NAME" /text:*

Also, if you place your App under the SiteA appPool does it work?

Lastly, if these are different servers, then you will most like need to grant the machine$ account access to the share too.

Let us know if you see no differences.
infotechelgAuthor Commented:
Thanks hades. Unfortunately, I get "access denied" error when I try to run this command.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Brad HoweDevOps ManagerCommented:
Are you running CMD under the RUN AS ADMINISTRATOR context?

appcmd is a restricted exe.


infotechelgAuthor Commented:
Thanks, hades. I ran the command on the two app pools and, except for the difference in identityType, they're identical.

And yes, I moved Site B's app pool to Site A's and it worked.
Brad HoweDevOps ManagerCommented:
Strange. So your setup is as such.

      Site A using SiteA_appPool
      Site B using SiteB_appPool
SiteA_AppPool running under Application PoolIdentity
SiteB_AppPool running under Network Service

When Site B uses SiteB_AppPool, it doesn't work.
When Site B uses SiteA_AppPool, it works?

Application Pool identities also use the machine account to access network resources. The fact that it works by flipping the appPools tends to show other missing configurations.

SHARE permissions and Security permissions should allow for
full access.

Are Codebases different?
Are both sites using the same authentication?
Where is this network share located?

Let me know,

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
infotechelgAuthor Commented:
SiteB_AppPool is running under NetworkService because running it under ApplicationPoolIdentity wasn't working with the shared files on the network.

SiteA is a .NET Website, SiteB is a .NET MVC Application.

However, there is a new issue. SiteC, which also uses the same shares, was using ApplicationPoolIdentity and it was working. I had to restart the app pool and, all of a sudden, it started behaving like SiteB and I had to change the Identity to NetworkService. SiteC is also a .NET Website like SiteA.

The network share is located on a different server, but on the same network. All three sites share the same folders.

infotechelgAuthor Commented:
So, I had to restart Site A's app pool, and now ApplicationPoolIdentity doesn't work anymore. Had to switch to NetworkService.

This is really frustrating.
infotechelgAuthor Commented:
Brad HoweDevOps ManagerCommented:
That makes no sense to me. APPID uses the $MACHINEACCOUNT and is the same account that NetworkService uses.

Was this machine cloned, imaged, restored recently?

infotechelgAuthor Commented:
It wasn't cloned or imaged. I know they rebuilt it because the initial installation of IIS wasn't performing properly.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.