iis app pool set credentials not working for specific network account


I am trying to set app pool credentials for a speccific domain account for an ASP.net MVC project on iis 7.5 on a Windows 7 enterprise server. I am using .Net version 4 and I believe this is set correctly throughout the iis interface.

We have set up a user account in the form of domainName\username with a specific password, that I'll denote password0 (not its real name). When I enter the user name (domainName\username) and the specific password (password0) and confirm it, the Set Credentials gives a message box saying The specified password is invalid. Type a new password.

After much research on Stack Overflow and elsewhere, this almost always is not a password problem (note how well the particular error message was chosen, but I digress), and usually a configuration problem with the account and the settings of the machine.

One site recommended as a work around to use command prompt to enter the settings, which does work for the app pool -- for those interested, the format is:

appcmd set config /section:applicationPools "/[name='specificAppPoolName'].processModel.identityType:SpecificUser" "/[name='specificAppPoolName'].processModel.userName:domainName\username" "/[name='specificAppPoolName'].processModel.password:password0"

This works, however, for the next step, when I go to the iis site using the app pool, and use iis --> Site --> specific site --> Basic Settings

and try to use the "Connect as" button, neither the passthrough nor the specific user works, if I try to set the specific user, the old password problem re-appears (undoubtedly it is not a mis-typed password, thanks again to whoever sets these error messages).

Test settings gives things like Login failure: unknown user name or bad password with code 0x8007052E (authentication) and the credentials used to access the specified physical path are invalid (authorization)

NOTE: I have already run

aspnet_regiis -ga domainName\username 

several times.

I have also specifically added domainName\username to the published folder for the MVC app.

I realize there are related stack overflow posts but I haven't been able to get anything to work and I am reluctant to re-open old questions. This is a fairly important set-up to make MVC generally a workable solution in our shop.

I have added some of the things that I tried in the comments, however, while some of the things "work" in the sense of being valid operations, to date they have not fixed the over-all problem.

Does anyone know how to do this, a work-around, or perhaps even have a link to a step-by-step set up for this configuration scenario?

Thanks in advance!

asked on Server Fault Dec 31, 2014 by JosephDoggie

2 Answers


I was tuning into this same issue and checked everything on the list with nothing helping. My fix was to go to computer management, select local users and groups and click properties for the user with the issue. On the General tab The check box Account is locked out was checked. I did not see this on any other user screen. Just a last thing to check if you are still having issues and everything else seems to be setup correctly.

answered on Server Fault Oct 9, 2017 by Luckbox72

It turns out I didn't have sufficient permissions on the machine and someone in our server group was easily able to accomplish this. See also https://stackoverflow.com/questions/27432364/mvc-5-iis-7-5-double-hop-issue-avoid-hard-coded-sql-passwords/27550079#comment44092453_27550079 where I posted the following: (corrected a spelling error here, for some reason wouldn't let me edit there):

Another way of doing this is having the app pool run under a user account (preferably a domain account), then one uses the following settings in web. config: Integrated Security=false; Trusted_Connection=True; NOTE: I also use MultipleActiveResultSets=true; which helps with other issues... the relevant app pool account must be granted a SQL account with the relevant permissions for your app

answered on Server Fault Jan 8, 2015 by JosephDoggie • edited May 23, 2017 by Community

User contributions licensed under CC BY-SA 3.0