When IIS application pools don’t have correct configuration or permissions, they may unexpectedly stop which causes the website to give “HTTP 503 – Service Unavailable” error. Event ID 5059 clearly shows the reason behind the 503 error: “Application pool has been disabled”.
Other events you may see in Event Viewer are 5021 (The identity of application pool %1 is invalid) and 5057 (Application pool %1 has been disabled). Here are the detailed error messages.
Getting an Schannel error? Check these posts out.
Event ID 5021
The identity of application pool %1 is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.Source
Event ID 5057
Application pool %1 has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.Source
Event ID 5059
Application pool %1 has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.Source
How to solve “Application pool has been disabled” error
There are several possible causes of HTTP 503 status code and 5059 event ID. Here is a list of things to try to solve this issue. You may need to restart IIS or machine after each change.
- Make sure the account used as application pool identity is not locked
- Reset the password of the application pool identity account in case it is expired
- Try using another domain account as application pool identity
- Give “Log on as Batch Job” permission to the application pool identity account
- Add the application pool identity account to
- Give “Full Control” to application pool identity account on shared data and configuration folders
- Check account information in applicationHost.config for possible typos
- Recreate application pools, websites, and shared configuration (if used)
- Switch from built-in account to domain account for application pool identity
- Make sure to use the same encryption provider (
IISCngProvider) in applicationHost.config
- Change application pool process model from
- If it is a shared configuration setup in IIS, use the same
Note: If you come across 503.2 Bad Gateway (0x80072f8f) error, add SecureConnectionIgnoreFlags Registry key and set it to 0x00003300 as explained in this post.
- StackOverflow thread
- CNG Data Encryption Providers in IIS 10
- Shared Configuration
- Shared configuration and password expiration