Microsoft KB Archive/255770

= PRB: Logon Failure: Unknown User Name or Bad Password When You Run Out-of-Process Webs =

Article ID: 255770

Article Last Modified on 7/11/2005

-

APPLIES TO

 Microsoft Active Server Pages 4.0, when used with:  Microsoft Internet Information Server 4.0

 Microsoft Internet Information Services 5.0 

-



This article was previously published under Q255770



SYMPTOMS
Requests to out-of-process applications may generate the following events in the system event log:

Event ID: 10004 Source: DCOM

DCOM got error "Logon failure: unknown user name or bad password." and was unable to logon .\IWAM_MYSERVER in order to run the server: {1FD7A201-0823-479C-9A4B-2C6128585168}

Event ID: 36 Source: W3SVC

The server failed to load application '/LM/W3SVC/1/Root/op'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.'



CAUSE
The IWAM_machine account may be out-of-sync. The IWAM_machine identity must be in synch in the metabase, the Security Account Manager (SAM), and COM+. Account information stored in the Internet Information Server (IIS) metabase is synchronized with the local SAM, but COM+ applications are not automatically updated.



RESOLUTION
IIS 5.0 provides Synciwam.vbs to update the launching identity of all IIS COM+ application packages that run out-of-process. The Synciwam.vbs script can be found in the \Inetpub\AdminScripts folder and can be run using Cscript or Wscript (see the Synciwam.vbs file for more information).

NOTE: Using Synciwam.vbs will reset all out-of-process applications (medium and high isolation) to IWAM_machine.

If SynchIWAM fails with the "empty username or password" error, it may be necessary to update the IWAM_ account manually in the IIS Out-Of-Process Pooled Applications object and all Web sites in which the Application Protection is set to High (Isolated).

For IIS 4.0
Check the Identity properties of each Web site. These packages are located under the Microsoft Transaction Server folder in the IIS Microsoft Management Console (MMC).
 * 1) In the IIS MMC, click to expand the Computers, My Computer, and Packages Installed nodes.
 * 2) Right-click each IIS Web site (that is, IIS - <Web_site_name>), and then click Properties.
 * 3) On the Identity tab, ensure that the IWAM_ account that is assigned to IIS Out-of-Process Pooled Applications appears in this window.
 * 4) On the Home Directory tab, if the Run in separate memory space (isolated process) check box is selected for any Web site, an object for that Web site also exists under the name IIS-<Web_site_name//root>.
 * 5) Repeat the preceding steps for each Web site that is running in separate memory space.

For IIS 5.0
Check the Identity properties of the IIS Out-of-Process Pooled Applications for Microsoft Transaction Server Properties and all Web sites that are set to High (Isolated) in the Application Protection list box on the Home Directory tab. These packages are located in the Adminstrative Tools/Component Services folder.
 * 1) Under the Console root, click to expand the Component Services, Computers, My Computer, and COM+ Applications nodes.
 * 2) Right-click the IIS Out-of-Process Pooled Applications object, and then click Properties.
 * 3) On the Identity tab, ensure that the IWAM_ account that is assigned to IIS Out-of-Process Pooled Applications appears in this window.
 * 4) Repeat the preceding steps for all Web sites that are set to High (Isolated) in the Application Protection list box (which are identifed as IIS-<Web_site_name//Root>).

<div class="status_section">

STATUS
This behavior is by design.

Keywords: kberrmsg kbprb kbsecurity kbsysadmin KB255770

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.