SharePoint 2010: HTTP Error 503 – Service Unavailable.

KBID

EXP-INC-00003

Title

HTTP Error 503. Service Unavailable

Introduction

When you are working with SharePoint 2010 or SharePoint 2013 environments you probably have seen the HTTP Error 503. Service Unavailable error at some point. This error can have several causes, when you use your favourite search engine you can find a lot of articles on this subject.

Some common causes can be:

  • a disabled application pool
  • an invalid identity for a application pool because of an expired password.

This article describes how I ran into an issue with a group policy that caused a HTTP Error 503.

Symptoms

When you navigate to a SharePoint 2010 site you get an error:
HTTP Error 503. Service Unavailable

HTTP Error 503. Service Unavailable

Steps to Reproduce

1. Navigate to your SharePoint 2010 site

Cause

In my case this error was caused by a removal of Log on as a batch permissions of the Application Pool account on one of the Application servers in a SharePoint 2010 farm. The application pool account of your web application needs this permission on the server where it is running, you can also check out Corey Roth his blogpost on this topic, Corey’s Guide to SharePoint Service Accounts.

When navigating to the System Log on one of the servers in the SharePoint 2010 farm I saw an event of the Windows Process Activation Service (WAS) source with ID 5021:
The identity of application pool ‘yourapplicationpoolname’ is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.

System Log - WAS event id 5021
After finding the 5021 event I wanted to check what my Application Pool Identity was. You can check what the identity of your application pool is via the Application Pools view in Internet Information Service (IIS) Manager.

IIS - Application Pool Identity

When you established what your Application Pool identity is you can open the Local Security Policy Editor on the same server. You can also use run and type secpol.msc to fire it up. Check what the Security Setting is for the Log on as a batch job policy.

In my case a custom policy was set which had overwritten the default settings. The result was that the Log on as batch job permissions of the application pool Identity were removed.

Local Security Policy Editor - Log on as a batch job

Applies to

SharePoint 2010, SharePoint 2013

Workaround

Not Applicable

Solution

Add the Application Pool Identity account the Log on as a batch job group policy or give the account permissions via a local policy on the server if you are not using group policies.

References

Dot Net Mafia – Corey’s Guide to SharePoint Service Accounts
Technet – Account permissions and security settings in SharePoint 2013
Technet – Event ID 5021

SharePoint 2013: How to get the available page layouts of a web

Title

Get the available page layouts of a web in SharePoint 2013 via PowerShell

Business Goal

In my work as a consultant I sometimes need to analyse how a current SharePoint 2013 farm looks like. Of course you have great tools to help you with this like SPDOCKit. But sometimes I need more details of a farm. In this case I needed information on what kind of page layouts where used on a web.

Technical Overview

The solution is a PowerShell script that uses GetAvailablePageLayouts method to get the available page layouts of a web in a SharePoint 2013 farm. It also uses a definition of a parameter to get a value of a web. A nice description of this technique can be found in an article of Don Jones in Technet Magazine – Windows PowerShell: Defining Parameters.

Prerequisites

To complete this how-to, you must have the following prerequisites must be met:
– A domain account that can log on to one of the SharePoint 2013 servers
– A domain account that has privileges to manage SharePoint 2013 via PowerShell (SPShellAdmin role)

Steps

1. Run the Powershell script .\get_pagelayouts.ps1 with your desired weburl, for instance .\get_pagelayouts.ps1 http://weburl

Additional resources

Gallery Technet – Get the available page layouts of a web
SPDOCKit
Technet – PublishingWeb.GetAvailablePageLayouts method
Technet Magazine – Don Jones – Windows PowerShell: Defining Parameters

Applies to

SharePoint 2013, SharePoint 2010

Change History

23-01-2015 – 1.0