SharePoint 2007 - Changing Application Pool Identity

Friday, 1 February 2008 23:39 by RanjanBanerji

This is a post more about embarrassment than value.  But it may help some poor soul such as myself.  I recently setup a large SharePoint 2007 farm and realized that the main application was running an application pool under the wrong user. 

Given my usual developer habits I simply went to IIS, selected the application pool, selected properties, selected the Identity tab and changed the user.  I then launched my browser and much to my surprise I got a service unavailable error.  Now this is something I was not expecting.  Why did my application/web site just die.  A little research showed that SharePoint has a slightly more complex model of security and how it works.  Any user running the application pool must also be a member of various Groups on the computer.

So as a next step I went to the SharePoint Central Administration (CA) and started to look for any place I can make this change.  Since one enters the username and password for the application pool that will run your application while creating an application I kept looking in the application management part of the CA.  When I found nothing I did a web search or "googled" for some ideas.  I hit upon some SharePoint 2003 posts on the same issue which pointed me to adding my user to various Groups on my machines.  But the group names had changed.  I used common sense to assign this user to groups that I thought were relevant and tried to launch my application on the browser.

Service unavailable again. Grrrrrrrrrrrr!!!!!!!!!!!

So I gave up.  I had to get this working within the hour.  So I just deleted the application and created it again.  This was a pain for I had to create the application, re-install custom code, re configure stuff etc.

Half way while doing so I happened to be looking at the Central Administration screen under Operations and I saw a link to "Service Accounts."  I so hoped this was not what I thought it was.  Yes, ladies and gentlemen, it turned out to be exactly what I needed, but a little too late.  What should have taken minutes took me an hour.  More than the waste of time was the embarrassment of not knowing this was so easy to fix.

So, if you need to change the identity of who runs your application pool just go to Central Administration, Operations, Service Accounts.  Select the application, select the application pool, and then change the username and password.  Simple.

 

Tags:  
Categories:   SharePoint
Actions:   E-mail | Permalink | Comments (6) | Comment RSSRSS comment feed

Comments

April 4. 2008 14:47

Ken

Thank you very much Ranjan for this post. I'm trying to install the MOSS Training Kit and needed to change the user account the app pool ran under and broke the site just like you did by changing it in IIS. I thought as well there should be a place in central admin. to perform this task and looked but didn't find it just like you. I did successfully change it after reading your instructions. I wish I could could tell you the MOSS Trainging Install was successful but further along the install I ran into another issue on the learner site. I could send you more information if you like but I just wanted to say I wouldn't have even made it this far without your help. You saved me time! Thanks again, Ken

Ken

June 13. 2008 01:36

RanjanBanerji

Ken,

Thanks for your comment and I am glad I could help.  I am quite new to SharePoint and as my blog shows I am quite frustrated by the experience.  I apologize for teh late reply but I never realized that my comments were not working.

Thanks,

Ranjan

RanjanBanerji

September 6. 2008 01:06

Ven

Hi,
   I knew this option. My problem is different. I installed SharePoint with the Local Administrator account throughout, including Central Admin. But when I try to find the Central Admin site in the list of Web Applications for whom I can configure the Service Account, I don't even find it listed there. So please let me know how to change the username and password for the Central Admin site. Please let me know about this at the earliest.

Ven

September 9. 2008 19:40

Ven

Hi,
   I am facing a different problem. Unknowingly, I installed whole MOSS under Local Admin account. My MOSS is in one server and SQL is in another server. So, now, I want to change the Local Admin account to Domain acount everywhere ,i.e. in all the services. I thought of changing this in Service Accounts section of the Central Admin,but in the list of Web Applications, I couldn't see the Central Admin web application listed. I googled a lot,but couldn't find a solution anywhere. Everywhere people talk about changing the passwords and not user name. My requirement is to change the user name and also password,obviously without causing any problem anywhere. Moreover,many people told me not to change the Service Accounts even through the Central Admin section, as they faced some issues after that. So, I would be really thankful, if you can give me a solution to this problem. Please list out the detailed steps,so that I can understand, as I am new to SharePoint.

Ven

September 10. 2008 22:19

RanjanBanerji

Ven,

Its been a while since I touched SharePoint but here is what you can do.  But basically this MSDN article should help you out:

http://support.microsoft.com/kb/934838

I know they talk about updating passwords but look at the syntax:

stsadm -o updatefarmcredentials -userlogin DomainName\UserName -password NewPassword

You can assign a new username and password or a new password for an existing username.

I strongly suggest testing this.  I believe I tested this and used it once before but the bnest way is for you to test it.  The MSDN documentation is not very good as they simply talk about password changes on a method that will let you change username and password.

Hope this helps.

Ranjan

RanjanBanerji

January 29. 2009 01:33

Frederik Munster

Thx a lot!

Frederik Munster

Add comment


(Will show your Gravatar icon)

  Country flag

biuquote
  • Comment
  • Preview
Loading