Share via


Event ID 9002 — IIS Application Host SID Mapping Configuration

Applies To: Windows Server 2008 R2

In Internet Information Services (IIS) 6.0, separate user accounts had to be created for application pools in order to isolate them. In IIS 7.0, mapped application pool SIDs (security identifiers) make this process easier. When a new Web site is created in IIS 7.0, the site receives a new application pool with the same name as the site. The Application Host Helper Service (AppHostSvc) dynamically creates a unique application pool SID based on the application pool name, and the name is mapped to the SID. Web site resources like files and directories can then be granted permissions by using the mapped application pool SID instead of separate user identities. This enables all application pools to run under the same default Network Service account, yet remain isolated.

Event Details

Product: Internet Information Services
ID: 9002
Source: Microsoft-Windows-IIS-APPHOSTSVC
Version: 7.5
Symbolic Name: APPHOSTSVC_SID_GENERIC_ERROR
Message: The Application Host Helper Service encountered an error while mapping the application pool names to their respective SIDs. Some app pool SIDs will not be resolved properly under the 'IIS APPPOOL' namespace. To resolve this issue, please recommit the changes or restart the service. The data field contains the error number.

Resolve

Reapply changes and restart AppHostSvc

When configuration changes do not appear to take effect, possible resolutions include the following:

  • Reapply the changes.
  • Reduce the number of application pools.
  • Stop and restart the Application Host Helper Service (AppHostSvc).

Stop and restart the Application Host Helper Service

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To stop and restart the Application Host Helper Service:

  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. At the command prompt, type net stop apphostsvc.
  3. At the command prompt, type net start apphostsvc.

Verify

If Application Host SID Mapping is not configured correctly, Web sites in the affected application pool will fail to serve pages. For this reason, you can verify the Application Host SID Mapping functionality by performing a test browse.

To perform a test browse:

  1. Choose a Web site or an application that is configured to run in the application pool that you want to verify.
  2. Open up your default browser or required client.
  3. Browse to a page in the Web site or application that you chose in step 1.
  4. The client should display the expected output page. If Application Host SID Mapping is configured correctly, the page will be displayed.

IIS Application Host SID Mapping Configuration

Internet Information Services (IIS) 7.5