Symptom:

 

IIS Admin Service cannot start. IIS manager shows a blank window.

It throws error code 0x80004015, "The class is configured to run as a security id different from the caller", when starting the service.

 

Troubleshooting:

And error is found in event log when starting IIS admin service.

Event Type:        Error

Event Source:    W3SVC

Event ID:              1036

Description:

A failure occurred while initializing the configuration manager for the World Wide Web Publishing Service. The data field contains the error number.

 

Data:

0000: 80070005

The error code 80070005 means “Access Denied”.

 

Together there are other errors in the event log, for example

Event Type:        Error

Event Source:    CryptSvc

Event ID:              512

Description:

The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

 

Details:

System Writer object failed to subscribe to VSS.

 

System Error:

Catastrophic failure

No file system or registry “access denied” error can be captured by Process Monitor.

 

Check the services and compare the status/startup to a default system.

The following services are all in running status:

·         Remote Procedure call

·         Secondary Logon

·         Distributed Transaction Coordinator

·         DCOM Server Process Launcher

 

 

 

 

Solution:

The issue was resolved after we added the "SERVICE" and "Administrators" accounts back to the "Impersonate a Client after Authentication" setting and rebooted the server.

1.       Start -> Run -> GPEDIT.MSC.

2.       Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.

3.       Double-click 'Impersonate a client after authentication'.

4.       Make sure that at least Administrators and SERVICE exist. If not add them and restart.

 

Regards,

 

Juntao