Windows authentication (AD) not working when IIS Application pool is running as custom user

broadband

8/4/23, 7:11 PM

I'm using:

Windows 10 x64 Professional (in ad domain)
IIS 10
Web site is running under local user EPM_USER, everything works except Windows authentication

Configuration:

When I try to from another computer which is also in AD domain with valid Active Directory, login fails:

If I change application pool that it runs under ApplicationPoolIdentity, than it works:

120

0 + 0

iis

active-directory

application-pools

windows-authentication

Davidw

8/4/23, 7:15 PM

Why run IIS on a Windows 10 machine? Windows 10 is not intended to function as a server.

Appleoddity

8/5/23, 2:23 AM

If you’re running the application pool under a local user it doesn’t have credentials on the domain. When you run it as the applicationpoolidentity it uses the network service account which is basically the machine’s AD account. Use that, or use a domain account to run the app pool in.

Appleoddity

8/5/23, 2:30 AM

More info: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/ check the `useKernelMode` setting.

Appleoddity

8/5/23, 2:37 AM

And more detail about why this does or does not work… https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc758557(v=ws.10) Your SPN has to be configured properly to use a different account and it will not work with a local user account as mentioned. Kerberos has specific requirements.

broadband

8/5/23, 7:56 AM

@Davidw usually I would run IIS on Windows Server, but just for testing scenario I'm running it in vmware virtual machine.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Windows authentication (AD) not working when IIS Application pool is running as custom user

TH: การรับรองความถูกต้องของ Windows (AD) ไม่ทำงานเมื่อกลุ่มแอปพลิเคชัน IIS กำลังทำงานในฐานะผู้ใช้ที่กำหนดเอง

RO: Autentificarea Windows (AD) nu funcționează atunci când grupul de aplicații IIS rulează ca utilizator personalizat

RU: Аутентификация Windows (AD) не работает, когда пул приложений IIS работает как пользовательский пользователь

VI: Xác thực Windows (AD) không hoạt động khi Nhóm ứng dụng IIS đang chạy với tư cách người dùng tùy chỉnh

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.