Sterling International Consulting Group

SharePoint 2013 Application Pool Account User Profile

Email | Print

As was true with SharePoint 2010, it is very important that the account used for the SharePoint Application pools has a valid Domain User Profile to operate. This is particularly needed in 2013 as it can cause issues when deploying applications.

 

The error appears in the Event Application Log on the SharePoint front end server. Usually it is indicating that the account (the application pool account) was logged in with a temporary profile and that all changes will be lost when logged out (the account name is specified in the error).

 

Fixing this issue is usually easily done simply by logging into the SharePoint front end console (i.e. ON THE BOX) with the application pool account. Assuming all is well, a new profile folder is created in the c:\Users folder. If needed (though this doesn’t always work), you can add the account to the Remote Desktop Users group and try to use Remote Desktop to log in that way (remember to remove that right after the fact!).

 

However, that does not always fix the problem – I’ve had cases where even after repeated login attempts, the error still shows. As well, when logging in with the account, Windows will show a quick ‘popup’ message that indicates it is using a temporary profile. Further, if you reboot the SharePoint server (or run an IISReset), you may still see the Event Application Log error when a SharePoint site is opened (i.e. the application pool is ‘logged in’).

 

First of all, changing the account or permissions won’t fix the problem – what it means is that there is a corrupt profile for that account. Second, the problem will not fix itself.

 

I’ve used many ways to correct the problem but found the “perfect” fix:

 

Quick disclaimer: Backup the registry before you edit it or work with someone that knows how to use it properly.

 

Start off using an administration account and repeat the following process for every server in the farm (note: I’ve had to do this on the Domain Controller too!):

 

  1. Open the C:\Users folder and look for a folder under the same name as the account (i.e. SPAppPool) – if you DO NOT see it, log out and go on to the next server

 

  1. Zip the folder up if you want to (though not necessary) and delete the folder

 

  1. Using Start > Run… to open a command line (and so you are running as administrator), enter REGEDIT and run it

 

  1. When the Registry Editor opens, open the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

 

  1. Under this subkey, you will see a list of the accounts – each Key is based on the “SID” (the unique ID) for each account profile:

UserProfile_Part1

 

  1. When you select each subkey, you will see the name of the account under the “ProfileImagePath” value – find the one that belongs to the application pool account and delete the entire key (right click on the S-1… key and select Delete) then close out the editor

 

When you have completed the above on every server in the Farm, do the following:

  1. Next log in to the SharePoint front end server using an Administrator account
  2. Click Start then right click on Computer and select Manage – this will open the Server Manager page (or click it in the tool bar if available)
  3. Expand Configuration then Local Users and Groups then expand Groups
  4. Right click on the Administrators group and select Add to Group – add the application pool account in question
  5. Log out of the server and log back in using the application pool account (it should take a few minutes); when the user profile is created and desktop setup, you should see the standard Server Manager page that pops up for Administrators (you can close that)
  6. Open Windows Explorer and open c:\Users – verify that the account you are logged in as has a new folder there (that indicates the profile was created successfully)
  7. Assuming all is well, log out and log back in with an Administrator account
  8. Click Start then right click on Computer and select Manage – this will open the Server Manager page (or click it in the tool bar if available)
  9. Expand Configuration then Local Users and Groups then expand Groups then the Administrators group
  10. Remove the application pool account in question

Note that if you added the account to the Remote Desktop group, you should remove it.

Once you have completed, you can verify that all is well:

  1. Login to the SharePoint front end using an Administrator/Farm account
  2. Close any open browser windows
  3. Clear the Event Application log (if you can)
  4. Use the Start > Run… command (so you are running as an administrator), enter iisreset and click OK
  5. Open the Central Administration site
  6. Check the Event Application log (refresh if you have to) and verify that the error is no more

About us:

Sterling International Consulting Group is a specialist in enterprise systems including architecture, governance, business continuity, and disaster recovery planning with over 28 years in IT and management consulting. SICG also has a dedicated practice in SharePoint Technologies and Microsoft Technologies. From planning to analysis to development to deployment, SICG has the experience and knowledge to understand the best for your business – find out why: sicg@sterling-consulting.com – www.sterling-consulting.com.

Keep up with the latest articles and tips around SharePoint from author & CEO David Sterling via http://www.sharepoint-blog.com and his personal blog site:http://davidmsterling.blogspot.com or contact him directly at david_sterling@sterling-consulting.com.

Related Posts



One question

  1. site says:

    Appreciating the commitment you put into your
    site and detailed information you provide. It’s nice to come across a blog every once in a while that isn’t the same
    outdated rehashed material. Wonderful read! I’ve bookmarked your site and I’m adding
    your RSS feeds to my Google account.

    [Reply]

Ask This Expert a Question or Leave a Comment