Error when applying DSC config with app pool custom user account to a server


I am trying to configure app pools with a specific AD user account. It’s for an on-prem Windows Server 2019 standard. The error I get is

PowerShell DSC resource DSC_WebAppPool failed to execute Set-TargetResource functionality with error message: AppCmd.exe has exited with error code "13".

when I run the command:
Start-DscConfiguration -Path .\MultipleAppPools\ -ComputerName server1 -Wait -Verbose -Force

The script I’m using to generate the MOF file is:

Configuration MultipleAppPools

    Import-DscResource -ModuleName WebAdministrationDsc

    Node server1
        foreach ($AppPool in $AppPools) {

            WebAppPool $AppPool.Service {
                Name                      = $AppPool.Service
                Ensure                    = "Present"
                State                     = "Started"
                autoStart                 = $true
                idleTimeout               = $AppPool.Timeout  
                restartPrivateMemoryLimit = $AppPool.Memory
                logEventOnRecycle         = "Time,Memory,PrivateMemory"
                identityType = "SpecificUser"
                Credential = $credential

            } #WebAppPool

} #Configuration MultipleAppPools

$configData = @{
    AllNodes    = @(
            NodeName                    = '*'
            PSDscAllowDomainUser        = $true
            PSDscAllowPlainTextPassword = $true
    NonNodeData = ''
} #configdata

# Read the contents of the JSON file
$json = Get-Content -Path "settings.json" -Raw

# Convert the JSON data to a custom object
$appPools = ConvertFrom-Json -InputObject $json

# Get credentials
$credential = (Import-CliXml -Path 'C:\temp\cred.xml')

# Pass the custom object to the MultipleAppPools cmdlet
MultipleAppPools -AppPools $appPools -ConfigurationData $configData -OutputPath:"./MultipleAppPools"

It looks like it is generating the mof file correctly. I know that it’s not the best idea to include credentials in the mof, but after applying config I intend to delete it. I can see the password is correct in the mof file. Any help would be appreciated regarding this error.

I have noticed that in the advanced settings of the app pool I can see ‘SpecificUser’ in the Process model → Identity. I was expecting that field to have the actual username, I have configured other app pools manually with a custom user and they have the actuall username in that field, so I’m not sure if the config script is correct.

If I try to do it manually it works:
%windir%\system32\inetsrv\appcmd.exe set config /section:applicationPools /[name=‘Batch’].processModel.identityType:SpecificUser /[name=‘Batch’].processModel.userName:test /[name=‘Batch’].processModel.password:Test

In case anyone sees this, I made a mistake in the format of the idleTimeout. I had specified 20 in the json file, but it is expecting 00:20:00, as shown here: WebAdministrationDsc/source/Examples/Resources/WebAppPool/Sample_WebAppPool.ps1 at main · dsccommunity/WebAdministrationDsc · GitHub

The following line will output 00:20:00
idleTimeout = (New-TimeSpan -Minutes 20).ToString()

1 Like