Wednesday, September 26, 2007

IIS6: App-Domain could not be created

Each time when I have to deploy a ASP.NET/WCF application to a new Windows Server 2003 IIS web-site, I run into a "Server Application Unavailable" error and this logged in the application event log:

Failed to execute request because the App-Domain could not be created. Error: 0x80070005 Access is denied.

Exception: System.IO.FileLoadException
Message: Could not load file or assembly 'System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.

As always, I'm a bit puzzled by the access denied error as I have granted NTFS read+execute rights to the ASPNET and IUSR accounts as applicable to the application's disk folder and to the .NET 2.0 and 3.0 folders. Time for Microsoft System Internals Filemon to log file access failures to diagnose the problem.

Note to self: The cause of the problem is that the identity (e.g. NETWORK SERVICE) of the IIS application pool used to run the web application, needs read access to the application's web.config file to be able to launch the ASP.NET worker process.

Read the excellent MSDN article 'Extend Your WCF Services Beyond HTTP With WAS' to learn more about IIS/ASP.NET/WAS application pools, process models and app-domains.


Unknown said...

Glad you liked our article.

Anonymous said...

Thank u very much.. It solved my problem..

Solution.. Right click on the Default WebSite folder in IIS, Select Permissions,Then select Network Service & give Read Access..
That's it. It solved my problem.

Mark Kadlec said...

Thanks! I remember doing that a while back but your Filemon tip helped to remember!

Anonymous said...

Sunilkumar Biradar you are my GOD!! :D your comment works me!.

Anonymous said...

Folder access issue. Can be fix here:

Anonymous said...

Thanks! this helps solve an issue for me!