Home » IIS » HTTP 503 Service Unavailable (Application pool has been disabled)

HTTP 503 Service Unavailable (Application pool has been disabled)

by

When IIS application pools don’t have correct configuration or permissions, they may unexpectedly stop which causes the website to give “HTTP 503 – Service Unavailable” error. Event ID 5059 clearly shows the reason behind the 503 error: “Application pool has been disabled”.

Other events you may see in Event Viewer are 5021 (The identity of application pool %1 is invalid) and 5057 (Application pool %1 has been disabled). Here are the detailed error messages.

Getting an Schannel error? Check these posts out.

Event ID 5021

The identity of application pool %1 is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.

Source

Event ID 5057

Application pool %1 has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.

Source

Event ID 5059

Application pool %1 has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.

Source

How to solve “Application pool has been disabled” error

There are several possible causes of HTTP 503 status code and 5059 event ID. Here is a list of things to try to solve this issue. You may need to restart IIS or machine after each change.

  1. Make sure the account used as application pool identity is not locked
  2. Reset the password of the application pool identity account in case it is expired
  3. Try using another domain account as application pool identity
  4. Give “Log on as Batch Job” permission to the application pool identity account
  5. Add the application pool identity account to IIS_USRS group
  6. Give “Full Control” to application pool identity account on shared data and configuration folders
  7. Check account information in applicationHost.config for possible typos
  8. Recreate application pools, websites, and shared configuration (if used)
  9. Switch from built-in account to domain account for application pool identity
  10. Make sure to use the same encryption provider (IISWASOnlyCngProvider or IISCngProvider) in applicationHost.config
  11. Change application pool process model from LogonBatch to LogonService
  12. If it is a shared configuration setup in IIS, use the same IISWASKey

Note: If you come across 503.2 Bad Gateway (0x80072f8f) error, add SecureConnectionIgnoreFlags Registry key and set it to 0x00003300 as explained in this post.

References:

Related Posts:

Tweet
Share
Pin
Share

Ned Sahin

Blogger for 20 years. Former Microsoft Engineer. Author of six books. I love creating helpful content and sharing with the world. Reach me out for any questions or feedback.
Categories IIS