Score:0

Windows authentication (AD) not working when IIS Application pool is running as custom user


I'm using:

  • Windows 10 x64 Professional (in AD domain)
  • IIS 10
  • Web site is running under local user EPM_USER, everything works except Windows authentication

Configuration: [screenshot]

When I try to log in from another computer, which is also in the AD domain, with a valid Active Directory, login fails: [screenshot]

If I change the application pool so that it runs under ApplicationPoolIdentity, then it works:

Davidw
Why run IIS on a Windows 10 machine? Windows 10 is not intended to function as a server.
Appleoddity
If you’re running the application pool under a local user it doesn’t have credentials on the domain. When you run it as the ApplicationPoolIdentity it uses the network service account which is basically the machine’s AD account. Use that, or use a domain account to run the app pool in.
Appleoddity
More info: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/authentication/windowsauthentication/ check the `useKernelMode` setting.
Appleoddity
And more detail about why this does or does not work… https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc758557(v=ws.10) Your SPN has to be configured properly to use a different account and it will not work with a local user account as mentioned. Kerberos has specific requirements.
broadband
@Davidw usually I would run IIS on Windows Server, but just for a testing scenario I'm running it in a VMware virtual machine.
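
The checks suggested in the comments above can be run on the IIS machine as follows. This is an added example, not part of the original thread; the pool name `DefaultAppPool` and site name `Default Web Site` are assumed placeholders to replace with your own.

```powershell
# Added diagnostic example. Run in an elevated PowerShell on the IIS host.
Import-Module WebAdministration

$poolName = 'DefaultAppPool'     # assumption: the pool your site actually uses
$siteName = 'Default Web Site'   # assumption: the site with Windows authentication

# 1. Which identity does the worker process run as?
$pm = (Get-Item "IIS:\AppPools\$poolName").processModel
"Identity type : $($pm.identityType)"
"User name     : $($pm.userName)"

if ($pm.identityType -eq 'SpecificUser') {
    $user   = $pm.userName
    # Text before the backslash, if any: '', '.', or the computer name means a local account.
    $prefix = if ($user -match '^(.+)\\') { $Matches[1] } else { '' }
    $isLocal = ($user -notmatch '@') -and
               ($prefix -in @('', '.', $env:COMPUTERNAME))

    if ($isLocal) {
        # The situation from the question (local user such as EPM_USER).
        Write-Warning "$user is a local account: it has no credentials on the domain."
    } else {
        # 2. Domain account: list the SPNs registered for it.
        "SPNs registered for ${user}:"
        setspn -L $user
    }
}

# 3. Windows authentication settings for the site, including useKernelMode.
$filter = 'system.webServer/security/authentication/windowsAuthentication'
foreach ($name in 'enabled', 'useKernelMode', 'useAppPoolCredentials') {
    $attr = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
                -Location $siteName -Filter $filter -Name $name
    '{0,-22}: {1}' -f $name, $attr.Value
}
```

A warning from step 1 matches the failing configuration in the question; with a domain account, compare the `setspn -L` output against the host name clients use to reach the site.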