Subscribe

Close

Thank you for visiting!

Please consider subscribing to the RSS feed or following me on Twitter.

Solve login failed error for IIS APPPOOL\DefaultAppPool

I recently ran into the classic SQL Server connection error message "Login failed". This, of course, nearly always has to do with insufficient rights to the database.

However, I also got this error message:

Login failed for user 'IIS APPPOOL\DefaultAppPool

In this case, I tried to anonymously connect to a SQL Server Database (in Windows 7, mind).

This is how to solve the problem:

  1. In Internet Information Services, right click the website that tries to connect to the database->choose Manage Web Site -> Advanced Settings. Take a look at the Application Pool used, in this case DefaultAppPool:
    IIS Application Pool settings
  2. Now that you know the application pool the website uses, instead right click Application Pools (in IIS root) -> right click the correct application pool -> choose Advanced Settings.
  3. Under Advanced Settings, find Identity and choose LocalService as the Built-in account (or LocalSystem if that's the option you've got):
    Change Application Pool Identity to LocalService
  4. Done!

Comments

thank you very much you help me a lot

Very helpful post, thanks.

that helped me.

Just installed Visual Studio on Windows 7 box

Perfect Solution

From point of security reasons is better to add IIS APPPOOL\DefaultAppPool as owner of your db. For example, just run the next command in the Query window of selected db:
sp_addrolemember 'db_owner','IIS APPPOOL\DefaultAppPool'

very helpful

Still Getting the same problem

Its giving the following error now...

Cannot open database "xxxxxxxx" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\LOCAL SERVICE'.

Thanks Dileno and thanks glory, because I didn't find "LocalService" in "Built-in account" and better if that's more secure.

@Abbid i found the same problem when i used local service..choose LocalSystem and everything will be fine :D

Thanks man, i am very grateful. All problems solved in an instant. keep the fire burning

It works, thanks!!!!!!!!!!!

Thanks it workes I was in trouble about this problem

thanks alot its works fine

For me it does not worked as LocalService but worked! as LocalSystem.

This solution is nonsense because it shows a clear lack of understanding in the security model. You are putting your customer or company at risk by setting up LocalSystem and allowing your application pool to have more file system and execution privileges than it needs (if you are doing this in a development environment for sake of troubleshooting,

The recommended Microsoft solution is to create a separate account. However, if your solution is small, you can instead add the 'IIS APPPOOL\DefaultAppPool' user as a database user in your SQL instance, then providing the proper 'User Mappings' to the databases you need the DefaultAppPool user to access. You may not necessarily be able to search for this user, but you can still enter it in the 'Login name' field in the "Login - New" window as "IIS APPPOOL\DefaultAppPool" (without the quotes).

Follow this link as a reference and pay attention to the last post: http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/73eee0b4-9eee-4a71-a448-3e3eef9ee404/

The built in NTAuthority\Network Service account is much less privileged than the Local System account which is basically the OS of the local machine. I configured the app pool to use the Network Service account in IIS 7.0. I then created a Login on the database instance for the Network Service account. For my application it was only necessary to add the db_datareader role to the Network Service account on the database.

This allowed my ASP.NET web page to connect to a SQL2008 instance using Integrated Security with ADO.NET , run an INSERT sproc to populate a table and then display the data in tabular form in grid format on the web page.

As an addendum to my previous post above on April 26th i need to clarify that it was necessary to add the db_owner role to the Network Service account in my db instance to allow my stored procedere to insert to the table. I have two ASP.NET web pages. The first page is named FormInput.aspx and allows data to be added to a datagrid form with FirstName, LastName, StudentID, EmailAddress etc. After the data is entered into the form the user then hits the submit button and the new data is supposed to display on the "ViewStudentInfo.aspx page"
Initially the ViewStudentInfo.aspx successfully pulled the data from the database table successfully. So whatever data that is present in the table shows up on the aspx page nicely. However the call to the sproc to insert new data did not work until I added the db_owner role to the Network Service that the app pool is using to connect to the database. Initially I tried to limit the roles to just db_datareader and db_datawriter but it did not work.

Thanks, this helped a bunch!

Andy says:
Andy on Apr 26th, 2011 04:01 PM
This solution is nonsense because it shows a clear lack of understanding in the security model. You are putting your customer or company at risk by setting up LocalSystem and allowing your application pool to have more file system and execution privileges than it needs (if you are doing this in a development environment for sake of troubleshooting,

The recommended Microsoft solution is to create a separate account. However, if your solution is small, you can instead add the 'IIS APPPOOL\DefaultAppPool' user as a database user in your SQL instance, then providing the proper 'User Mappings' to the databases you need the DefaultAppPool user to access. You may not necessarily be able to search for this user, but you can still enter it in the 'Login name' field in the "Login - New" window as "IIS APPPOOL\DefaultAppPool" (without the quotes).

Follow this link as a reference and pay attention to the last post: http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/73eee0b4-9eee-4a71-a448-3e3eef9ee404/

I say: I cannot sucessfully "ADD" the "IIS APPPOOL\DefaultAppPool as a user. I get the famous "CREATE FAILED for login user IIS APPPOOL\DefaultAppPool
Why is SQL Server 2008 not allowing me to add this login?
Thanks.

Generally, logins for SQL have to be created at the top level SECURITY \ LOGINS area first, and then added as a user on the appropriate DB (unless you're giving a system-wide role). You can't add directly to the database without the login existing at the top level.

Thanks

Hey not showing this option for built-in-account

Dude you saved my life. Thanks

its work...
thanks a lot....... :)

LocalSystem works for me
Thanks

Ok

Thanks ;)

Good Solution

Wonderful, worked for me to. only i hado to specify LOCAL SYSTEM

thanks

Login failed for user 'IIS APPPOOL\DefaultAppPool'. Works with LocalSystem, the same as IIS log account.

Thank you very much i was using Web service which i deployed on IIS7 in windows 7 where i was able to view the default.aspx page but no output your article helped me solving the problem.

In 3rd and last step I have selected "LocalSystem" and my issue solved:)

I followed your directions. I have a .net application on a Windows 7 machine. No error is displayed now, but I cannot generate the report either. The report is blank. any suggestions? (in my win xp it is working fine)

thanks,
Marco

Thanks.

hi , it worked thanks
but how to solve ApplicationPoolIdentity ?

thanks., working fine

Hi sanchita,
I have few doubts, could you please send me an email to v.karthic@ymail.com ?

Thanksx.....

Write a comment





Or use Twitter to identify


To the top