benjamin perkins, (aka @csharpguitar)

Lab 5: Basic and Advanced Application Pool Settings

In this lab you will learn about the Basic and Advanced application pool settings. The interface to change the behavior of the W3WP.exe process in which the web site runs is provided through these two settings windows.

Lab 5.1 – Basic Application Pool settings

List of IIS Application Pools

Figure 1, List of IIS Application Pools

modify basic IIS application pool settings

Figure 2, modify basic IIS application pool settings

Lab 5.2 – Advanced Application Pool settings

There are a lot of setting which you can set on the application pool. Let’s review some of them.

modify advanced IIS application pool settings

Figure 3, modify advanced IIS application pool settings
Attribute Description
MaxWorkerThreads Limits the maximum number of worker threads.
MaxIoThreads Limits the maximum number of completion threads.
minFreeThreads Determines how many worker threads and completion threads must be available to start a remote request.
minLocalRequestFreeThreads Determines how many worker threads and completion threads must be available to start a local request.
maxConnection Determines how many connections can be made to a specific IP address.
Table 1, the ASP.NET process model

Lab 5.3 – Add Items to your Shopping Cart

This lab will show you how to change the application pool identity and why you might want to do that.

  1. Make sure the CSharpGuitarBugs website is configured in IIS. When configured correctly, you should receive this result when clicking the ‘Add to Cart’ button after clicking the ‘Add items to your Shopping Cart’ link.

how to change the application pool identity

Figure 4, how to change the application pool identity
  1. Create the mySubDir directory within c:\windows\system32 and retry step 1, which will result in the following.

how to change the application pool identity

Figure 5, how to change the application pool identity
  1. Startup Process Monitor to see what is happening, once running, reproduce the issue. You should see the following log entry.

how to change the application pool identity

Figure 6, how to change the application pool identity
  1. The reason you cannot create the file is because the User account which the application pool runs within does not have that permission. You can do 2 things here, you can grant the IIS APPPOOL\CSharpGuitarBugs account permission or create a custom account, grant that account access to the directory.

  2. Let’s first grant IIS APPPOOL\CSharpGuitarBugs access to the directory…(this is just an example, avoid granting access to anything to this directory…it is just the simple example)

a. You may need to change your User Account Control settings to perform this task (UAC)

  1. Right-click on the c:\windows\system32\mySubDir directory, Properties, Security tab, Edit and then Add. Make sure the Locations is set to the local server. Add IIS APPPOOL\CSharpGuitarBugs and click OK.

how to change the application pool identity

Figure 7, how to change the application pool identity
  1. Grant the user Modify permissions, then click OK and OK again.

  2. Click the ‘Add Item’ button after clicking the ‘Add items to your Shopping Cart’ link again and the file is successfully created

  3. Remove the permission, test to make sure the error comes back

  4. Open the Advanced Settings… of the CSharpGuitarBugs application pool and change the identity to a custom identity. You can do this using MMC.

how to change the application pool identity

Figure 8, how to change the application pool identity
  1. Access the website and you get a similar Access Denied error. Notice, that the account under which the W3WP process is running is now the custom identity.

how to change the application pool identity

Figure 9, how to change the application pool identity
  1. Grant that account Modify permission on the c:\windows\System32\MySubDir and access the website.

how to change the application pool identity

Figure 10, how to change the application pool identity

LAB 5.4 – Orphaning

  1. Place a copy of the Orphan.bat (like the below) file into the C:\temp directory on the IIS web server
setlocal
set TIMESTAMP=%DATE% - %TIME%
set LOG=c:\temp\log.txt
echo %TIMESTAMP% >> %LOG%
endlocal
  1. Navigate to the advanced settings of the CSharpGuitarBugs application pool.

  2. Make the following changes:

IIS Orphaning

Figure 11, IIS Orphaning]
  1. Check what the current PID of the CSharpGuitarBugs worker process is.

IIS Orphaning

Figure 12, IIS Orphaning]
  1. Access the CSharpGuitarBugs website and click on the ‘Provide some Feedback’ link. Click on the ‘Send Feedback’ button which will cause the application pool to orphan.

  2. Look in the c:\temp directory and you will see a log.txt file written and in Task Manager you will see that the worker process has a new PID once the site is accessed again (assuming Always On is disabled).

IIS Orphaning

Figure 13, IIS Orphaning]

This works similar to the Rapid-Fail Protection capabilities, perform the same using that feature and determine if there are any differences.

LAB 5.5 – Event Logs

  1. Modify the Recycling attributes of the CSharpGuitarBugs application pool, as shown below, confirm both Application Pool Configuration Changed and Manual Recycle are set to True.

Application Pool Configuration Changed and Manual Recycle

Figure 14, Application Pool Configuration Changed and Manual Recycle
  1. Press OK.

  2. Manually recycle the worker process, for example:

Application Pool Configuration Changed and Manual Recycle

Figure 15, Application Pool Configuration Changed and Manual Recycle
  1. Make a configuration change, for example, create a self-signed SSL certificate and bind it to the Default Web Site

  2. Open the Event Viewer and look for the logs in the System Event Viewer

Application Pool Configuration Changed and Manual Recycle

Figure 16, Application Pool Configuration Changed and Manual Recycle

Using the Configuration Editor to change Application Pools settings

You can change application pool settings from within the configuration editor.

  1. Click on the Server name, server level (not Sites), in the IIS Management Console and open the Configuration Editor by clicking on the Configuration Editor icon in the feature pane (it is in the Management section towards the bottom of the window, you may need to scroll down)

  2. Navigate to system.applicationHost/applicationPools

Application Pool Configuration Changed and Manual Recycle

Figure 17, Application Pool Configuration Changed and Manual Recycle
  1. This provides you with an interface for changing all of the application pool settings.

  2. After you make a change, you can close the window and click the Apply link in the Action pane, wait, before you do that, click on the Generate Script link and you will see how you can do the same using C#, JavaScript, AppCmd and PowerShell. Very nice feature.

Application Pool Configuration Changed and Manual Recycle

Figure 18, Application Pool Configuration Changed and Manual Recycle