This article explains what IIS identity the GSX Analyzer web application is using when running. With a standard installation of GSX software, there is usually no issue with using the Default IIS Application Pool and Identity, but sometimes GPOs and/or applied security policies reduce the permissions of the Application Identity account and you will need to specify a new one or elevate existing permissions for proper functioning.
Symptoms
- HTTP Error 500.19 Internal Server Error.
- Cannot read configuration file due to insufficient permissions.
How it Works
GSX Analyzer is running with the permissions of the configured Application pool. By default, it is a built-in account created when the IIS server was installed. This account needs to have permissions to modify the GSX Analyzer\Web Site folder and its contents, in particular the web.config file, for the GSX Analyzer web site to run properly.
To check which pool is assigned:
- Open the IIS Management Console by typing inetmgr in a cmd prompt.
- Expand Sites from the left hand pane.
- Select AnalyzerWebSite.
- Click on the Basic Settings link on the Actions pane.
- This opens the web site application settings. The Application pool used by the AnalyzerWebSite in this example is the DefaultAppPool:
- Take note of the configured Application pool.
- Close this window.
Now we can look at the settings of the application pools to see what permissions they are using:
- In the left hand pane, select Application Pools.
- Locate the application pool used by GSX Analyzer.
- Right-click this and select Advanced Settings.
- Under Process Model, notice the Identity field:
- You can select an account other than ApplicationPoolIdentity here or specify a custom one:
ApplicationPoolIdentity is the default built-in account, designed for the purpose of running .NET Framework based applications such as GSX Analyzer.
Local System is a high level account that can be used during testing to eliminate any permission issues.