how to fix Windows NT user or group 'IIS APPPOOL\DefaultAppPool' not found?

Question

when I run on sql server 2005:

EXEC sp_grantlogin "IIS APPPOOL\DefaultAppPool"

I get the error:

Msg 15401, Level 11, State 1, Procedure sp_grantlogin, Line 49
Windows NT user or group 'IIS APPPOOL\DefaultAppPool' not found. Check the name again.

How can I fix this?

Answer 1

This work for me

CREATE LOGIN [IIS APPPOOL\MyAppPool] FROM WINDOWS;
CREATE USER MyAppPoolUser FOR LOGIN [IIS APPPOOL\MyAppPool];

Answer 2

You need to ensure that there is a Windows account called IIS APPPOOL\DefaultAppPool on the machine. Run Computer Management on the machine,go to Local Users and Groups, and look at the properties in IIS_IUSRS.

If there is no account there called IIS APPOOL\DefaultAppPool then that is why you cannot add a login to SQL Server. You will only have this account on your SQL Server machine if you are also running IIS on that machine, as IIS APPPOOL\DefaultAppPool is a local account.

This link http://forums.iis.net/t/1174325.aspx seems to be very similar to your problem. There are some tips on how to solve the problem, including one at the very end which looks important.

Answer 3

For a lazy set up on my IIS 7.5 development box, I use BUILTIN\IIS_IUSRS instead of the application pool identity IIS APPPOOL\DefaultAppPool.

As the (dynamic) app pool identity users are always members of the Group IIS_IUSRS, if you rename the app pool, or use a different app pool, it doesn't break the SQL permissions.

ref, Use BUILTIN\Group to Grant Access to Predefined Windows NT Groups: http://support.microsoft.com/kb/216808