Sunday, May 23, 2010

IIS 6 App Pool Reset did the trick

We discovered that all of the sites running on one of our Web servers had stopped working.  The web server is a Win2k3 web server running IIS 6.  All of the sites on this server run on .NET Framework 1.1.  They would serve up static HTML just fine, but as soon as a request ran any .NET application they would crash.

We tried everything to revive the sites: rebooting the server, shutting down the failover partner in the App Center cluster, resetting IIS, reviewing the application and system event logs, and reviewing the IIS logs.  Nothing gave us any useful clue as to what the problem was.

I spoke to the dev guys and the server admins, and no one said they had made any changes.  The last MS security updates were installed about a week ago.

I checked which application pool these sites used.  One site was configured with its own application pool, while the rest of the sites ran under the default app pool.  As a test, I changed the identity of the default app pool from the default Network Service account to the LocalService account.  The sites using that app pool started working again!  I did the same for the other app pool, and that one started working as well.

Here's the strange part.  I changed the app pool identity back to the default, Network Service, and the sites continued to operate correctly.  Why or how this happened is still a mystery, but I am pursuing a few hunches.  One of the dev guys said that the IIS garbage collection routine might be the culprit.


Note:  The LocalService account has elevated access rights and should only be used in very specific cases, for security reasons (read the section below for further information).


From MS TechNet
The identity of an application pool is the name of the account under which the application pool's worker process runs. By default, application pools operate under the Network Service account, which has low-level user access rights. That is, this account provides better security against attackers or malicious users who might attempt to take over the computer on which the World Wide Web Publishing Service (WWW service) is running. The LocalService account has low access rights as well, and is useful for situations that do not require access to resources on remote computers. You can configure application pools to run as LocalSystem, which is an account with more user rights than the Network Service or LocalService account. However, be mindful that running an application pool under an account with increased user rights presents a high security risk.