locked
Login failed for user 'DOMAIN\MACHINENAME$', IIS and SQL Server on same machine RRS feed

  • Question

  • User1733860820 posted

    I am using webdeploy to publish an asp.net project to a server on my LAN, using integrated security via Active Directory. When I try to run the site I get this error

    Login failed for 'mydomain\servername$'

    I've found some pretty in depth thread about this issue and have tried many settings, none of which have worked so far.

    Adjustments I've made:

    [1] in IIS change the websites application pool process model identity. I've tried all of the built in accounts and several custom accounts

    [2] in SQL Server, which runs on the same server as IIS, I've added various accounts like mydomain\servername$, then NT AUTHORITY\NETWORK SERVICE, then IIS APPPOOL\appname, then mydomain\myaccount (I'm a domain admin).

    [3] Generally I correlate the app pool account and the sql server login.

    I get exactly the same error for all of the variations (well some minor exception details vary). I've restarted IIS multiple times, though I've not read that this is needed after changes like these. What settings should work?

    Wednesday, April 29, 2020 3:33 AM

Answers

  • User753101303 posted

    Seems fine but you should see machinename$ only for a "Built-in account". Try perhaps to "Recycle..." or Start/Stop the application pool once done. You should also have "View applications" link in the "Action" pane to see which sites are using this application pool and make sure it is the one you expect.

    Edit; also you don't have <identity impersonate="true" /> in your web.config? If yes, remove that and try again.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 29, 2020 7:08 PM

All replies

  • User475983607 posted

    Generally this is very very simple.  The SQL login must match the web site's application pool identity.   Or you use the builtin accounts.  Locally accounts resolve as 

    NetworkService -> builtin\network.

    LocalSystem -> builtin\system

    The error login failed for DOMAIN\MACHINENAME$ means you are trying to access a remote SQL server.  Are you sure the connection string is correct?

    Wednesday, April 29, 2020 11:29 AM
  • User1733860820 posted

    That's what I don't get - I have been pairing the sql login and the application pool identity and they are rejected with that message.

    100% sure that the same server hosts the SQL Server database and the asp.net website on IIS. The development box with visual studio is another pc, and the credentials I use there with webdeploy are different, but as I understand it that's not the source of this issue.

    Wednesday, April 29, 2020 5:14 PM
  • User753101303 posted

    Hi,

    Are you sure you changed the correct application pool. When using integrated security, machinename$ is used when using a "local identity". If your site really runs with an app pool that uses a domain account it should use this domain account.

    Wednesday, April 29, 2020 5:56 PM
  • User1733860820 posted

    I must be doing something wrong, but this area is so new to me that I can't see it.

    The Application Pools list has an entry for the new site. It's Advanced Settings dialog is where I've been adjusting Process Model/Identity. To give an example of a combination that I would expect would be valid for testing purposes if not production, one of the credientials I used were my own. I'm a domain admin, am the owner of the database for the site, and am a sysadmin on the sql server instance. It fails with Login failed for user 'DOMAIN\MACHINENAME$'. Wouldn't that be expected to fly?

    Wednesday, April 29, 2020 6:51 PM
  • User753101303 posted

    Seems fine but you should see machinename$ only for a "Built-in account". Try perhaps to "Recycle..." or Start/Stop the application pool once done. You should also have "View applications" link in the "Action" pane to see which sites are using this application pool and make sure it is the one you expect.

    Edit; also you don't have <identity impersonate="true" /> in your web.config? If yes, remove that and try again.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 29, 2020 7:08 PM
  • User1733860820 posted

    Oh, excellent! Thank you. The website was using DefaultApplicationPool, but I was making my adjustments to the application pool with the site's name. Now it works.

    What I can't recall is whether I created the application pool for the website, or if it was automatically generated. It may have been an option presented during the website creation. In any case, mystery solved.

    Wednesday, April 29, 2020 7:29 PM
  • User1733860820 posted

    I had noted some people felt <identity impersonate="true" /> might have something to do with it but I stayed away from that experiment.

    Wednesday, April 29, 2020 7:33 PM