Off the top of my head – does the application think it’s going to a non-local SQL Server (dunno why it would think that, but you never know). Then the app pool would be connecting as computername$
From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of David Connors Sent: Wednesday, 8 January 2014 1:18 PM To: ozDotNet Subject: IIS7 Application Pool Identity on domain joined machine I have an odd behaviour I've not noticed before. When deploying a bog standard ASP.NET<http://ASP.NET> + SQL Server app I create a database role and grant exec on all of the procs to that role. At the time of deployment I'll create a SQL Server login on the local box for IIS APPPOOL\<App Pool Name> and add it into that role. I have noticed that IIS7 doesn't appear to use the app pool identity when authenticating to SQL Server on a domain joined machine (even though IIS and SQL are ont he same box). ie. 1. App is set up with its own App Pool 2. Identity is set to ApplicationPoolIdentity 3. When connecting you get Login Failed for user CODIFY\<MACHINENAME>$ Exact same code on a non-domain-joined machine: 1. App is set up with its own App Pool 2. Identity is set to ApplicationPoolIdentity 3. When connecting you get Login Failed for user IIS APPPOOL\<APP POOL NAME> What's more perplexing is that in both cases, the w3p.exe is running at IIS APPPOOL\<APP POOL NAME> - which is what you expect. It just does this daft impersonation when the machine is domain joined... David. David Connors da...@connors.com<mailto:da...@connors.com> | M +61 417 189 363 Download my v-card: https://www.codify.com/cards/davidconnors Follow me on Twitter: https://www.twitter.com/davidconnors Connect with me on LinkedIn: http://au.linkedin.com/in/davidjohnconnors