Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. PRB: Logon Failure: Unknown User Name or Bad Password When You Run Out-of-Process Webs

PRB: Logon Failure: Unknown User Name or Bad Password When You Run Out-of-Process Webs

View products that this article applies to.

Symptoms

Requests to out-of-process applications may generate the following events in the system event log:
Event ID: 10004 Source: DCOM
DCOM got error "Logon failure: unknown user name or bad password." and was unable to logon .\IWAM_MYSERVER in order to run the server: {1FD7A201-0823-479C-9A4B-2C6128585168}

Event ID: 36 Source: W3SVC
The server failed to load application '/LM/W3SVC/1/Root/op'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password.'

↑ Back to the top

Cause

The IWAM_machine account may be out-of-sync. The IWAM_machine identity must be in synch in the metabase, the Security Account Manager (SAM), and COM+. Account information stored in the Internet Information Server (IIS) metabase is synchronized with the local SAM, but COM+ applications are not automatically updated.

↑ Back to the top

Resolution

IIS 5.0 provides Synciwam.vbs to update the launching identity of all IIS COM+ application packages that run out-of-process. The Synciwam.vbs script can be found in the \Inetpub\AdminScripts folder and can be run using Cscript or Wscript (see the Synciwam.vbs file for more information).

NOTE: Using Synciwam.vbs will reset all out-of-process applications (medium and high isolation) to IWAM_machine.

If SynchIWAM fails with the "empty username or password" error, it may be necessary to update the IWAM_ account manually in the IIS Out-Of-Process Pooled Applications object and all Web sites in which the Application Protection is set to High (Isolated).

For IIS 4.0

Check the Identity properties of each Web site. These packages are located under the Microsoft Transaction Server folder in the IIS Microsoft Management Console (MMC).
  1. In the IIS MMC, click to expand the Computers, My Computer, and Packages Installed nodes.
  2. Right-click each IIS Web site (that is, IIS - <Web_site_name>), and then click Properties.
  3. On the Identity tab, ensure that the IWAM_ account that is assigned to IIS Out-of-Process Pooled Applications appears in this window.
  4. On the Home Directory tab, if the Run in separate memory space (isolated process) check box is selected for any Web site, an object for that Web site also exists under the name IIS-<Web_site_name//root>.
  5. Repeat the preceding steps for each Web site that is running in separate memory space.

For IIS 5.0

Check the Identity properties of the IIS Out-of-Process Pooled Applications for Microsoft Transaction Server Properties and all Web sites that are set to High (Isolated) in the Application Protection list box on the Home Directory tab. These packages are located in the Adminstrative Tools/Component Services folder.
  1. Under the Console root, click to expand the Component Services, Computers, My Computer, and COM+ Applications nodes.
  2. Right-click the IIS Out-of-Process Pooled Applications object, and then click Properties.
  3. On the Identity tab, ensure that the IWAM_ account that is assigned to IIS Out-of-Process Pooled Applications appears in this window.
  4. Repeat the preceding steps for all Web sites that are set to High (Isolated) in the Application Protection list box (which are identifed as IIS-<Web_site_name//Root>).

↑ Back to the top

Status

This behavior is by design.

↑ Back to the top

Keywords: kberrmsg, kbprb, kbsecurity, kbsysadmin, KB255770

↑ Back to the top

Article Info
Article ID : 255770
Revision : 8
Created on : 7/11/2005
Published on : 7/11/2005
Exists online : False
Views : 557