PRB: Error "User Password/Validation failed" when you set IIS 5.0 application to High (Isolated) (296851)


The information in this article applies to:

  • Microsoft COM+ 1.0
  • Microsoft Internet Information Server 5.0
  • Microsoft Active Server Pages
This article was previously published under Q296851

SYMPTOMS

When you configure a Web application to run in High (Isolated) protection mode (out-of-process from Internet Information Server) in the Internet Services Manager (ISM) console, the application is disabled, and you receive the following error message:
User Password/Validation failed
This means that the application does not serve Active Server Pages (ASP) pages, it appears as a yellow folder in the ISM console, and the Create button in the application properties is enabled.

In a related but slightly different scenario, you may already have an application set to High (Isolated) protection, and then someone changes the password for the IWAM_<ServerName> account without following the synchronization steps in this article. When this occurs, your application is disabled, but you do not receive an error message. HTML pages in your application continue to work as expected; however, when you try to browse to ASP pages in the application, you receive the following error message in the browser:
Server Application Error. The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance.

CAUSE

This behavior is by design. When you run an Internet Information Server (IIS) 5.0 application in High (Isolated) mode, a COM+ application package is automatically created for the application in the Component Services Manager (CSM) console. By default, this package runs your application's process under the IWAM_<ServerName> user account. The error occurs because the IWAM account is not synchronized. The password that is specified for the IWAM account (or whatever account the user specifies) in the metabase (the IIS 5.0 registry) is different from the Windows password that is set for the same account in the Local Users and Groups Manager (UGM) console.

RESOLUTION

To resolve this problem, follow these steps:
  1. Use a GET command to determine what account is used for the Web Application Manager (WAM) in the metabase. If your Windows computer name is WebServer1, at a command prompt, browse to the Adminscripts folder, and type the following command:

    inetpub\adminscripts>adsutil GET w3svc/WAMUserName

    This returns the WAM user account name in the following format:

    WAMUserName                    : (String) "IWAM_WebServer1"

  2. Reset the password for this account in the UGM console as follows:
    1. On the Start menu, click Run, and type lusrmgr.msc to open the UGM console.
    2. Click the Users folder, right-click the account from step 1 (usually IWAM_<ServerName>), and then click Set Password.
    3. In the Password and Confirm Password boxes, type a new password. This example uses the password "Password".
  3. At a command prompt, type the following command to set the new password in the metabase:

    Inetpub\adminscripts> adsutil SET w3svc/WAMUserPass "Password"

    "Password" represents the password that was set in the User/IWAM_<ServerName> properties. You must enclose the password in double quotes. This command returns the following output:

    WAMUserPass                       : (String) "**********"

  4. On the Start menu, click Run, and then type iisreset to restart the World Wide Web Publishing Service. This command stops and restarts all Web services.
  5. Make sure that you re-enable your virtual directory as an application. To do this, follow these steps:
    1. On the Start menu, point to Programs, point to Administrative Tools, and then click Internet Services Manager to open the ISM console.
    2. Right-click the virtual directory, and then click Properties.
    3. On the Directory tab (or Home Directory if you are working with a site), click Create if it is enabled.
    4. In the Application Protection drop-down list box, make sure that High (Isolated) is selected.
  6. Update the password in the COM+ package that was automatically created for your out-of-process Web application as follows:

    For IIS 4.0
    1. On the Start menu, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, click on Internet Service Manager.
    2. Double-click Microsoft Transaction Server, double-click Computers, double-click My Computer, and then double-click Packages Installed.
    3. Right-click the objects associated with your IIS Websites (identifed as IIS-{websitename}), and then click Properties.
    4. On the Identity tab, make sure that This user is selected, and verify that the account from Step 1 appears in the User box.
    5. In the Password and Confirm Password boxes, type the updated password.
    For IIS 5.0
    1. On the Start menu, point to Programs, point to Administrative Tools, and then click Component Services to open the CSM console.
    2. Click to expand the Component Services, Computers, My Computer, and COM+ Applications nodes.
    3. Under COM+ Applications, right-click the package for your Web application, and then click Properties.
    4. On the Identity tab, make sure that This user is selected, and verify that the account from step 1 appears in the User box.
    5. In the Password and Confirm Password boxes, type the updated password.

MORE INFORMATION

Steps to reproduce behavior

  1. Open the UGM console, and reset the password for IWAM_<ServerName>.
  2. Open the ISM console. On the Internet Information Server menu, click My Computer (name), and then click Default Web Site.
  3. From the list, select an application that is not yet configured to run out-of-process. Right-click your selection, and then click Properties.
  4. On the Virtual Directory (or Directory) tab, in the Application Protection list, click High (Isolated), and then click OK.

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

195956 Cannot set AppRoot OutProc, MTS package identity set to "Y"

255770 Logon failure: Unknown user name or bad password when you run out-of-process Webs

Modification Type:MinorLast Reviewed:3/22/2006
Keywords:kbConfig kberrmsg kbprb kbWebServer KB296851 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.