500 Error when using custom account for application pool in IIS 7

I have a very simple site with only static files in IIS 7 on Windows Server 2008 SP2.

When I try to access any static file I get a 500 error. If I rename an html file to have an aspx extension it works fine.

The site also works fine when using the built-in identity for the application pool. The problem occurs when I switch to using a custom account for the application pool. I have tried using both local and domain accounts to run the application pool under.

I have given full control to these accounts on the website directory and files.

Turning on tracing reveals this error message:
ModuleName: IIS Web Core
Notification: 2
HttpStatus: 500
HttpReason: Internal Server Error
HttpSubStatus: 0
ErrorCode: 2147943746
ConfigExceptionInfo
Notification: AUTHENTICATE_REQUEST
ErrorCode: Either a required impersonation level was not provided, or the provided impersonation level is invalid. (0x80070542)

I have not had any luck with googling the error code.


Problem solved: The IIS_IUSRS group was missing from the "impersonate a client after authentication" setting in the local security policy.


In my environment, due to group policy settings, I wasn't allowed to change the "impersonate a client after authentication" setting nor to add the app pool user to local admins, so I went looking for why the impersonation was happening at all. By default, anonymous authentication was set to use the IUSR user, so the app pool user was trying to impersonate it.

I've changed the anonymous user identity to "Application pool identity" so there's no need for impersonation.
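
A diagnostic for the two causes identified in the answers above, added here as an example and not part of the original thread: it checks whether IIS_IUSRS holds "Impersonate a client after authentication" (SeImpersonatePrivilege) and which account anonymous authentication runs as. The site name is a placeholder, and the script assumes an elevated PowerShell prompt on the IIS host.

```powershell
# Added diagnostic example; not part of the original thread.
# Run from an elevated prompt on the IIS host.
$SiteName    = 'Default Web Site'   # placeholder: name of the affected site
$IisIusrsSid = 'S-1-5-32-568'       # well-known SID of BUILTIN\IIS_IUSRS

# 1. Export the user-rights assignments and find SeImpersonatePrivilege,
#    the right shown as "Impersonate a client after authentication".
$inf = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$line = Get-Content $inf |
    Where-Object { $_ -match '^SeImpersonatePrivilege\s*=' } |
    Select-Object -First 1
Remove-Item $inf

# Holders are listed as "*SID" or as plain account names, comma separated.
$holders = @()
if ($line) {
    $holders = $line.Substring($line.IndexOf('=') + 1).Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$groupHasRight = ($holders -contains $IisIusrsSid) -or
                 ($holders -contains 'IIS_IUSRS')

# 2. Ask IIS which account anonymous requests run as.
#    An empty userName means "Application pool identity".
$appcmd   = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
$anonUser = (& $appcmd list config $SiteName `
    /section:anonymousAuthentication /text:userName | Out-String).Trim()

# 3. Report. Only the IIS_IUSRS group is checked here; a custom account
#    could also hold the right directly or through another group.
"SeImpersonatePrivilege holders: $($holders -join ', ')"
"IIS_IUSRS holds the right:      $groupHasRight"
if ($anonUser -eq '') {
    'Anonymous auth uses the application pool identity (no impersonation).'
} elseif (-not $groupHasRight) {
    "Anonymous auth uses '$anonUser' and IIS_IUSRS lacks the right: " +
    'this is the combination reported in the thread (0x80070542).'
} else {
    "Anonymous auth uses '$anonUser'; IIS_IUSRS can impersonate it."
}
```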


You can try to change the application pool for this virtual application and give this new pool personal permissions.

To give permissions to a specific pool, just give permissions to the user "IIS APPPOOL\YOUR_POOL_NAME".