locked
Classic .NET AppPool & DefaultAppPool missing on Local GPO "Log on as service" RRS feed

  • Question

  • Hello,
    I was modifing Local GPO Log on as service (Computer Configuration => Windows Settings => Security Settings => Local Policies => User Rights Assignments) and I got the error "An external error has occurred". After re-opened it, Classic .NET AppPool and DefaultAppPool were lost.

    I applied the KB2411938 and the IIS APPPOOL\DefaultAppPool was added again after server reboot, but not Classic .NET AppPool. So how can I restore it ?

    This interesting article Configuring Group Policies for your ConfigMgr Servers explains how to solve the same problem by using Domain GPO, and it worked fine but is there a way to restore Local GPO like before ?

    Thank you very much.

    Bye,
    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, July 5, 2012 8:48 AM

Answers

  • I found the solution here: How to manage local security policy?

    1. Open Local Group Policy: gpedit.msc
    2. Computer Configuration => Windows Settings => Security Settings right click and choose Export policy… to export the settings to a *.inf file
    3. Open *.inf file and search for SeServiceLogonRight and add: IIS AppPool\DefaultAppPool,IIS AppPool\Classic .NET AppPool
    4. Save the file
    5. Run the command: secedit /configure /db secedit.sdb /cfg <Path to the modified *.inf file>

    Enjoy


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by lucafabbri365 Thursday, July 5, 2012 10:26 AM
    Thursday, July 5, 2012 10:26 AM

All replies

  • Hello Luca, 

    I suggest you check this article once: http://support.microsoft.com/kb/2411938


    Regards, Ravikumar P

    Thursday, July 5, 2012 10:18 AM
  • I found the solution here: How to manage local security policy?

    1. Open Local Group Policy: gpedit.msc
    2. Computer Configuration => Windows Settings => Security Settings right click and choose Export policy… to export the settings to a *.inf file
    3. Open *.inf file and search for SeServiceLogonRight and add: IIS AppPool\DefaultAppPool,IIS AppPool\Classic .NET AppPool
    4. Save the file
    5. Run the command: secedit /configure /db secedit.sdb /cfg <Path to the modified *.inf file>

    Enjoy


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by lucafabbri365 Thursday, July 5, 2012 10:26 AM
    Thursday, July 5, 2012 10:26 AM
  • Hello,
    please read my post !!! ;-)

    I already followed KB2411938.


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.




    • Edited by lucafabbri365 Thursday, July 5, 2012 10:29 AM
    • Proposed as answer by Libero7 Thursday, July 5, 2012 4:53 PM
    • Unproposed as answer by Libero7 Thursday, July 5, 2012 4:54 PM
    Thursday, July 5, 2012 10:27 AM
  • I had a same problem and found that MS Article a bit too late and then came across your post.

    Worked like a charm ;)

    Thanks Luca!

    Thursday, July 5, 2012 4:55 PM
  • I had the same experience as @Libero7.  Was the hotfix supposed to cure the cause or fix the symptoms?  The article doesn't make it clear.
    • Edited by SSG31415926 Sunday, January 27, 2013 9:39 AM Punctuation
    Sunday, January 27, 2013 9:38 AM
  • Hello SSG31415926,
    as written on the Hotfix: "...this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem that is described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix."

    So if you are experiencing the error: "An external error has occurred. Failed to save Local Policy Database" once installed, you won't get the error anymore.

    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Sunday, January 27, 2013 11:11 AM
  • Yes, but the problem was that the accounts were missing.  The hotfix closes the stable door after the horse has bolted.  :-)

    Anyway, your fix appears to have solved the problem, although they are now listed as domain-qualified names rather than just the names.  I hope that's not significant.

    Monday, January 28, 2013 12:25 PM
  • Thanks it worked for me too.

    Sai

    Wednesday, May 7, 2014 6:10 AM
  • Thanks, Luca!

    Got a question though: When I go back to the Local Security Policy form, I'm no longer able to just type in "DefaultAppPool" or "Classic .NET AppPool".  They have to be prepended with "IIS AppPool\" instead.  I tried just leaving the prefix out of the inf file and running secedit, but then it couldn't find those users.  Is there a way to revert back to using the regular versions of those names?

    Wednesday, May 7, 2014 9:47 PM
  • Another way to get this back, is just go to compmgmt.msc, add the local group Classic .Net AppPool, click create,  and then run gpupdate /force

    now go into your user rights assignment and there ya go

    Thank you to Chris E. from a local donut company


    Stacy Anothersharepointblog.blogspot.com



    Tuesday, June 24, 2014 2:40 PM
  • Hello,

    I ran into the same problem.

    Both Classic .NET AppPool and DefaultAppPool were missing from the group policies and I too had got the error message "An external error has occurred. Failed to save Local Policy Database".

    The resolution that worked for me was to stop and start Classic .Net App Pool and Default App Pool from IIS Manager.

    After I restarted the app pools, I could see that the accounts were added back to the local policies as they were before I lost them.

    Hope this helps!

    Thank you!

    • Edited by SK_SP2010 Wednesday, January 28, 2015 8:26 PM
    Wednesday, January 28, 2015 6:31 PM