locked
Failed to perform Application Pool discovery (IIS7) RRS feed

  • Question

  • Since a couple of days two of our servers started generating discovery errors for application pools. Never done it before and no changes are made. Strange enough the two servers that are generating the alerts started that almost at the same moment.  Already did a manually Flush Health Service State and Cache (stopping the service, remove store and start services again), rebooted machine but the alerting (and the events in the eventlog) keeps returning.

    Details
    Failed to retrieve one or more properties of application pool 'DefaultAppPool'. Discovery will continue for other application pools.
    Error: 0x8000ffff

    Details: Catastrophic failureOne or more workflows were affected by this.
    Workflow name: Microsoft.Windows.InternetInformationServices.2008.Discover15To30AppPools
    Instance name: IIS Web Server

    The discovery object details don't give more information what he is trying to do (and maybe why it fails). Both servers only have 6 application pools and 3 of them has this problem. I found out that only the application pools that are configured with the ApplicationPoolIdentity generate the error. If I change this to anything else the problem goes away, BUT on other servers the same setting is not causing alerts. All other settings are the same.

    Anyone got a clue what the cause can be?

    Tuesday, March 29, 2011 12:45 PM

Answers

  • Hi,

    The following link discussed a similar issue. It can be a IIS permissions issue. In this link, running aspnet_regiis -gauserdomain\useraccount for the account the application pool is running under and then restart iis and the application pool resolved this issue. Please try if it will help:

    http://graycloud.com/operations-manager/service-unavailable-t30875.html


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Vivian Xing Friday, April 8, 2011 8:16 AM
    Tuesday, April 5, 2011 8:14 AM
  • You certainly have more details - I was just making a guess.  When you say "nothing changed" this is the least likely case (most outages are the result of environment change).  So look for what changed.  Maybe a permission changed, maybe someone changed the permission on the small # of app pools.

     

    You mentioned "when this setting is used" -= is this something separate?  Or are you trying something that isn't working ... 

    From the error you are receiving, you have too many discoveries configured.  If there are only six, turn off 15 to 30 discovery as one possiblity.


    Microsoft Corporation
    • Marked as answer by Vivian Xing Friday, April 8, 2011 8:16 AM
    Tuesday, April 5, 2011 3:24 PM

All replies

  • domain account used for run-as has expired credentials would be my first guess.

    Somone changed out of band the permissions used by the run-as account for these workflows is the second guess.


    Microsoft Corporation
    • Proposed as answer by Vivian Xing Wednesday, March 30, 2011 6:13 AM
    Tuesday, March 29, 2011 4:21 PM
  • Hi Dan,

    An expired run-as account should give problems on all of the discoveries, scripts, tasks and monitors that would use that run-as account. That is not the case. All of the servers (working and non-working) use the Local System Action Account as default action account and that is also what the management pack guide specifies.

    If an account is the issue the problem shouldn't only be located to application pools that are configured with the ApplicationPoolIdentity. I can't figure out why a discovery specifically fails when this setting is used.

    Wednesday, March 30, 2011 10:15 AM
  • Hi,

    The following link discussed a similar issue. It can be a IIS permissions issue. In this link, running aspnet_regiis -gauserdomain\useraccount for the account the application pool is running under and then restart iis and the application pool resolved this issue. Please try if it will help:

    http://graycloud.com/operations-manager/service-unavailable-t30875.html


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Vivian Xing Friday, April 8, 2011 8:16 AM
    Tuesday, April 5, 2011 8:14 AM
  • You certainly have more details - I was just making a guess.  When you say "nothing changed" this is the least likely case (most outages are the result of environment change).  So look for what changed.  Maybe a permission changed, maybe someone changed the permission on the small # of app pools.

     

    You mentioned "when this setting is used" -= is this something separate?  Or are you trying something that isn't working ... 

    From the error you are receiving, you have too many discoveries configured.  If there are only six, turn off 15 to 30 discovery as one possiblity.


    Microsoft Corporation
    • Marked as answer by Vivian Xing Friday, April 8, 2011 8:16 AM
    Tuesday, April 5, 2011 3:24 PM
  • Appologies for my late reply but was busy this week and didn't hadn any time to investigate any further.

    It still stranges me that all the solutions that you listed are to solve problems within IIS itself, BUT my Application Pools are not causing any issues and are performing as needed. Therefore I'm not really happy to change any security permissions. The only problem that I have is that discovery of the application pool is failing when a specific property is set.

    In my opinion the Local Action account (LocalSystem) is used to perform the discovery as no specific runas account is used. That discovery tries to extract all the properties of an Application Pool. That works fine for all the application pools, except for the ones that are configured with the ApplicationPoolIdentity as Identity. As these are just properties it should read the properties. It makes no sense in my opinion that changing permissions in IIS to the account used for that application pool would resolve issues with the discovery of an application pool. That should resolves alertss about problems in the application pool.

    "aspnet_regiis -ga user" grants the specified user or group access to the IIS metabase and other directories that are used by ASP.NET. This will not change any permissions for the discovery account. Because I'm in a strict RFC environment I need to provide a proper case for changing such settings and I can't justify this one. Also another option that was given in a link in a link you supplied was to change permissions using icacles and that one has the same problem.

    I know I'm only shooting at your response and I don't provide any own input at the moment except for repeating information, but that is because I don't know anymore where to look.

    Friday, April 8, 2011 10:42 AM