After doing a Password Reset Activity in our environment,
SharePoint Server is given service unavailable sometimes. When we refresh the page,
it starts working but after some time it again gives Service Unavailable.
So, the issue is that SharePoint
is getting down again and again by itself.
After doing research we come to know that Application pool (let’s call App_Pool1)
of the faulty web application (let’s call it https://webapp.company.com)is
getting restarted again and again on one of the WFE server let’s call it wfe1.
While the same was working fine on other servers. So, we can say there is some
issue with the wfe1 server only.
So, we concentrated on WFE1. After research we noticed that the Application
pool "App_Pool1" is restarting again and again also it has
some different properties from other server’s application pool such as "Enable
32-Bit Applications". On WFE1 server, this property is set to True, while on other servers it is set
to false. When we tried to set this
value as false for this server as well the application pool was not stopping
but the site https://webapp.company.com
was stopped and giving some internal error.
Solutions we tried -
1. We already tried to copy the web config of other wfe server
to this server but it did not worked.
2. We changed the Property "Enabled
32-Bit Applications" of Application pool on WFE1 server to False same as
other servers. Now application pool was not stopping again and again but it
also did not work just the error was changed. And https://webapp.company.com was completely
down.
3. So, we conclude that there is some issue with Application
pool. We tried to reset the password for this application pool identity, we set
the password again but again it failed to work properly.
4. We tried to change the application Pool Identity but
again it did not work.
5. We checked IIS logs and SharePoint logs but could not
find any much information from there.
6. So now we decided to change the Application Pool for
the Web Application as we were not able to identify anything, and we had no
other option. For running below code, we used the Faulty server WFE1.
a. So, we created a new application pool with below powershell code (executed on all the servers) with same
Identity as old application pool.
asnp *SharePoint* -ErrorAction SilentlyContinue
$NewAppPoolName = "AppPool_Webapp”
$NewAppPoolUserName = "Domain\username"
$Farm = Get-SPFarm
$Service = $Farm.Services |
where {$_.TypeName -eq "Microsoft SharePoint Foundation Web
Application"}
$Password = Read-Host -Prompt
"Please enter your password" -AsSecureString
$NewAppPool = New-Object Microsoft.SharePoint.Administration.SPApplicationPool($NewAppPoolName,$Service)
$NewAppPool.CurrentIdentityType = "SpecificUser"
$NewAppPool.Username = $NewAppPoolUserName
$NewAppPool.SetPassword($Password)
$NewAppPool.Provision()
$NewAppPool.Update($true)
b. Now we configured our faulty Web application https://webapp.company.com to
use the new application pool that is "AppPool_Webapp" using below
code.
asnp *SharePoint* -ErrorAction SilentlyContinue
$NewAppPoolName = "AppPool_Webapp"
$NewAppPool = $Service.ApplicationPools[$NewAppPoolName]
$WebApp = Get-SPWebApplication $WebAppURL
$WAAppPool = $WebApp.ApplicationPool = $NewAppPool
$WebApp.Update()
$WebApp.ProvisionGlobally()
c. After running the defined code in 6.b section on WFE1 server. We
got below error message -
Exception calling "ProvisionGlobally" with
"0" argument(s): "Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config
Line number: 375
Error: Can not log on locally to
C:\inetpub\wwwroot\wss\VirtualDirectories\webapp.company.com443 as user Domain\username
with virtual directory password
"
At line:6 char:1
+ $WebApp.ProvisionGlobally()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : COMException
d. The same code worked fine on all the other server in
the environment. So as the issue was occurring on only once server that was faulty,
so we started working on the same issue on Server WFE1.
i.
We checked access to both the locations, both locations had the required
access.
ii.
We opened the file applicationHost.config from the given location C:\Windows\system32\inetsrv\config\applicationHost.config and checked
the given line defined in the error message – 375.
iii.
This file seems to be the configuration file that is used to connect to
different services of the web application, that is configured in IIS Logs. This
file contains the configuration settings for virtual directory and other
services that will be used the a given web application.
iv.
Here I noticed that the given line contains a User name and password,
where password was in encrypted format and user name was same as the
application pool identity. This file was last modified on a long time ago by
someone manually after comparing this file on other servers we noticed that this
file is not same on all the servers (while it should be same as it’s a system
file). The user name or password was defined for only this one application
while there were details of other web application’s configuration also. On the
other server there was such no username or password. (Please see the screen
shot)
v.
So it seems for some reason or any testing purpose may be this file is
updated by someone and they hard coded the user name and password in this
configuration file. Because if it was done by system or SharePoint service it
must be same in all the SharePoint farm servers, but this was not the case so I
just removed the UserName and
password tags from the line as saved this file. And our web application started
working. So, check the below configuration setting as defined -
Search for <Site name="Your Application
name" id ="ApplicationID" serverAutoStart="true">
Now check the <Virtualdirectory path="/" physicalpath ="path defined in the error message> and
remove user name and password from the same line as per the below comments.
Old line -
<virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\wss\VirtualDirectories\webapp.company.com443" userName="Domain\UserName"
password="[enc:AesProvider:dnm3i3ahncJOGWEIYGxyyA4zVVV5HYjFA2tDQP+go7qHyZWHXtz6dGwgIcsyyKNRhmvYcdsTlsTkXFUpLQyqsw==:enc]"
/>
New line -
<virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\wss\VirtualDirectories\webapp.company.com443" />