Hi all,
I built a Windows Server 2008 R2 virtual machine from scratch and configured it with the base setups that I want all of my Server 2008 R2 virtual machines to have. I tested everything and it works fine. I have installed and configured IIS, set up virtual directories and that is all working as well. I powered the machine off and exported it to an OVF template. I then deployed that template, configured it using the vCenter Converter Standalone tool and powered on the machine, left it sysprep, and when it's all done, IIS doesn't work.
Here's my configuration. We have 3 VM hosts, each running different versions of ESXI. The 3 versions we are using are:
- 4.0.0-208167
- 4.1.0-260247
- 4.1.0-502767
The versions of vCenter Converter Standalone that I've tried using for configuring the machine I deployed using the template include:
The VM that I refer to that I built and exported to a template was built on the VM host version 4.0.0-208167. I have tried deploying that template to all 3 VM hosts with them all having the same issues.
And here's the issue I'm having. When I first try accessing the server's default web site (or any virtual directory created within the default web site for that matter), I get a 503 error. I look in the event viewer and there is an event log with this info:
- Log: Application
- Source: IIS-W3SVC-WP
- EventID: 2307
- Level: Error
- Message: The worker process for application pool 'DefaultAppPool' encountered an error 'Failed to decrypt attribute 'password' ' trying to read configuration data from file '\\?\C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config', line number '179'. The data field contains the error code.
After searching online, I found an article that indicated to go into the file C:\Windows\system32\inetsrv\config\applicationHost.config, find the <configProtectedData> node and remove the providers section, and then do an iisreset. I did this and when I browsed to the default web site, all was well and I thought I was good to go.
But not quite. Next thing I needed to do was update some of the virtual directories that were previously configured on the base template to point to a network share that was specific to each server I deploy and configure from the template. That virtual directory is set up to Connect As a domain account. If I try to update the network share from within the IIS management console, when I try to close the window I get an error 'Value does not fall within the expected range'.
So I searched online for this problem. I found an article (http://forums.iis.net/p/1160389/1915020.aspx#1915020) that indicated to run the following command to resolve this problem:
iissetup.exe /install SharedLibraries
It even indicates that you will get an error, but that it still resolves the problem. So I gave it a shot and it did indeed resolve the problem. And you would think this would be good news. However, the first problem is now back.
I've used PsGetsid to make sure that the machine I deployed using the template has a different SID than the template had and they do indeed have different SIDs.
So at this point, I'm not sure what else to look at or try. I've been looking at google, these forums, MSDN, stackoverflow, etc. for days to no avail. Any help would be extremely appreciated.
Thanks in advance,
Eric
