Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1002 Source: W3SVC

Source
Level
Description
Application pool "DefaultAppPool" is being automatically disabled due to a series of failures in the process(es) serving that application pool.
Comments
 
When you use a third-party program to log on to Microsoft Outlook Web Access in Microsoft Exchange Server 2003 and the session that is opened by the third-party program expires, you are prompted to authenticate again in Outlook Web Access. In this scenario, the logon process stops responding when you try to authenticate again because the pFilterContext pointer is set to NULL. The Outlook Web Access authentication process does not expect this pointer to be set to NULL. See ME926114 and ME926115 for two hotfixes applicable to Microsoft Exchange Server 2003.

This problem occurs because a notification is incorrectly sent to the application by using RPC over HTTP. See ME917781 for a hotfix applicable to Microsoft Windows Server 2003.

See ME919090, ME930461, ME933729, ME947360 and ME956532 for additional information about this event.
My solution was to change the Identity of DefaultAppPool (found in IIS Admin -> Properties -> Identity) from "Network Service" to "IWAM_xxx". After that, the website worked and no more errors.
In my case, the system's host name had changed post IIS install resulting in incorrect IUSR and IWAM accounts. Re-installing IIS recreated these accounts and resolved the issue.
In my case, this error occurred because both Microsoft ASP.NET 1.1 and 2.0 versions were instaled on a 64-bit version of Windows Server 2003. IIS 6.0 supports both the 32-bit mode and the 64-bit mode. However IIS 6.0 does not support running both modes at the same time on a 64-bit version of Windows. ASP.NET 1.1 runs only in 32-bit mode. ASP.NET 2.0 runs in 32-bit mode or in 64-bit mode. Therefore, if you want to run ASP.NET 1.1 and ASP.NET 2.0 at the same time, you must run IIS in 32-bit mode. See ME894435 for more information on this issue.
See ME885654 for details on how to fix this problem.

From a newsgroup post: "I was trying to move the default web root from “C:\Inetpub\wwwroot” to “D:\Inetpub\wwwroot”. In the process, something went wrong. The problem I was seeing was that every time I tried to access the web site (any page) I would get back a "Service Unavailable" page (no error message - that's the whole page). The Event log showed several EventIDs with the source W3CSVC, including this one. The problem turned out to be Group Policy. We had a GPO configured, that set the "Logon As A Service" right only to Admin users. Since "Network Service" isn't an admin (for good reason), it failed. I moved the server into a new OU with an overriding GPO, and everything fell into place. Look at ME812614 for the default permissions and user rights for IIS 6.0".


Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...