I have a site running on IIS7. The application pool is running under a

Question

0

Asked: May 20, 20262026-05-20T14:13:09+00:00 2026-05-20T14:13:09+00:00

I have a site running on IIS7. The application pool is running under a

0

I have a site running on IIS7. The application pool is running under a local machine account. We are using Windows Authentication to authenticate users but this is failing because the local account does not seem to have permission to make the Kerberos request to the domain controller as the event log seems to indicate:

An account was successfully logged on.

Subject:
Security ID: NULL SID

Account Name: –

Account Domain: –

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID:        MyDomain\mark

Account Name:       Mark

Account Domain:     MyDomain

Logon ID:       0x2ed3554

Logon GUID:     {4a4f0c3f-2232-c2d9-9868-3a020042810f}

If I use the accounts Network Service, Local Service or Local System then all works fine. So what additional permission do I need to grant my local machine account so that it can support Windows Authentication with Kerberos?

Thank!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T14:13:09+00:00

After some more research I think basically it is a flawed idea using a local machine account with Kerberos. There doesn’t seem to be a way to add the local account into AD so how could it communicate with the domain controller? Therefore, I opted for disabling Kerberos on sites running under a local account:

cscript C:\inetpub\adminscripts\adsutil.vbs set w3svc/1/root/MyVirtualDirectory/NTAuthenticationProviders "NTLM"

Hope this helps someone.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a site running on IIS7. The application pool is running under a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply