SharePoint Experts, Information Architects, Expert Witness

We provide consulting in a broad array of business and technology from architecture to design to deployment of global systems with a focus on surfacing data in the enterprise. Specialists in Microsoft, we are a premier provider of SharePoint Expertise (including 2016 and Office 365). We also provide Expert Witness/Legal Expert in eDiscovery, source discovery, patent infringement, piracy and more! We also have established SICG DLDS s.a. - our counterpart in Costa Rica that specializes in water systems (http://www.crwatersolutions.com) - Contact me direct: david_sterling@sterling-consulting.com or call 704-873-8846 x704.

Search This Blog

Friday, January 25, 2013

SharePoint 2013 Application Pool Account User Profile


As was true with SharePoint 2010, it is very important that the account used for the SharePoint Application pools has a valid Domain User Profile to operate. This is particularly needed in 2013 as it can cause issues when deploying applications.

The error appears in the Event Application Log on the SharePoint front end server. Usually indicating that the account (the application pool account) was logged in with a temporary profile and that all changes will be lost when logged out (the account name is specified in the error).

Fixing this issue is usually easily done simply by logging into the SharePoint front end console (i.e. ON THE BOX) with the application pool account. Assuming all is well, a new profile folder is created in the c:\Users folder. If needed (though this doesn’t always work), you can add the account to the Remote Desktop Users group and try to use Remote Desktop to login that way (remember to remove that right after the fact!).

However, that does not always fix the problem – I’ve had cases where even after repeated login attempts, the error still shows. As well, when logging in with the account, Windows will show a quick ‘popup’ message that indicates it is using a temporary profile. Further, if you reboot the SharePoint server (or run an IISReset), you may still see the Event Application Log error when a SharePoint site is opened (i.e. the application pool is ‘logged in’).

First of all, changing the account or permissions won’t fix the problem – what it means is that there is a corrupt profile for that account. Second, the problem will not fix itself.

I’ve used many ways to correct the problem but found the “perfect” fix:

Quick disclaimer: Backup the registry before you edit it or work with someone that knows how to use it properly.

Start off using an administration account and repeat the following process for every server in the farm (note: I've had to do this on the Domain Controller too!):


a.       Open the C:\Users folder and look for a folder under the same name as the account (i.e. SPAppPool) – if you DO NOT see it, log out and go on to the next server

b.      Zip the folder up if you want to (though not necessary) and delete the folder

c.       Using Start > Run… to open a command line (and so you are running as administrator), enter REGEDIT and run it

d.      When the Registry Editor opens, open the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

e.      Under this subkey, you will see a list of the accounts – each Key is based on the “SID” (the unique ID) for each account profile:

f.        When you select each subkey, you will see the name of the account under the “ProfileImagePath” value – find the one that belongs to the application pool account and delete the entire key (right click on the S-1… key and select Delete) then close out the editor

When you have completed the above on every server in the Farm, do the following:
  1. Next log in to the SharePoint front end server using an Administrator account
  2. Click Start then right click on Computer and select Manage – this will open the Server Manager page (or click it in the tool bar if available)
  3. Expand Configuration then Local Users and Groups then expand Groups
  4. Right click on the Administrators group and select Add to Group – add the application pool account in question
  5. Log out of the server and log back in using the application pool account (it should take a few minutes); when the user profile is created and desktop setup, you should see the standard Server Manager page that pops up for Administrators (you can close that)
  6. Open Windows Explorer and open c:\Users – verify that the account you are logged in as has a new folder there (that indicates the profile was created successfully)
  7. Assuming all is well, log out and log back in with an Administrator account
  8. Click Start then right click on Computer and select Manage – this will open the Server Manager page (or click it in the tool bar if available)
  9. Expand Configuration then Local Users and Groups then expand Groups then the Administrators group
  10. Remove the application pool account in question
Note that if you added the account to the Remote Desktop group, you should remove it.


Once you have completed, you can verify that all is well:
  1. Login to the SharePoint front end using an Administrator/Farm account
  2. Close any open browser windows
  3. Clear the Event Application log (if you can)
  4. Use the Start > Run… command (so you are running as an administrator), enter iisreset and click OK
  5. Open the Central Administration site
  6. Check the Event Application log (refresh if you have to) and verify that the error is no more

No comments: