
NULL SID Error (Event ID: 4625) and Application Pool Identity

September 18th, 2009

Issue:

  • Environment: A medium server farm.
  • Identity: A brand new custom domain account with no special permissions assigned.
  • Action: Assigning the domain account as the application pool identity when creating a new Web application.
  • Error Message: Invalid Username or password.
  • Point of confusion: The same credentials work like a champ when logging in to a test box in the domain. I can also add the user to a SharePoint group.
  • Event Log and ULS Log: Nope, nothing!
  • Googling (mmmm…Binging): No dice!

Steps to find the real error:

  • Tried a simpler password by taking out the “!” because I was aware of some issues with the usual culprits (%, &, $, etc.) used in app pool passwords.
  • Added the user to a test site and tried to log in – Yup… the user can NOT log in to any SharePoint sites; so there was something wrong! DUH!
  • Checked the Event log, and that was where the following nasty little error rears its ugly head all over. This event was generated when the actual logon request of the last step failed, not when the central admin “Create or extend Web Application” page was throwing “invalid username or password”. It was generated on the WFE where access was attempted.
    Log Name: Security
    Source: Microsoft-Windows-Security-Auditing
    Date: 18.09.2009 12:34:06
    Event ID: 4625
    Task Category: Logon
    Level: Information
    Keywords: Audit Failure
    User: N/A
    Computer: xxx.ch
    Description:
    An account failed to log on.

    Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0
    ....

Resolution (or Workaround!):

  • Deleted the account and recreated it.
Categories: MOSS 2007 Tags:
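
The event text quoted above is cut off before the fields that name the failing account and the failure code. As an added example (not from the original post), this PowerShell 3.0+ snippet pulls recent 4625 events from the WFE's Security log and decodes their Status/SubStatus values. The account name `svc_apppool` and the one-hour window are placeholders.

```powershell
# Added example: run in an elevated PowerShell session on the WFE that logged the failure.
$Account = 'svc_apppool'              # placeholder: sAMAccountName of the app pool account
$Since   = (Get-Date).AddHours(-1)    # placeholder: how far back to search

# NTSTATUS codes Windows writes to the Status / SubStatus fields of event 4625.
$Reason = @{
    '0xc0000064' = 'User name does not exist'
    '0xc000006a' = 'User name is correct but the password is wrong'
    '0xc000006d' = 'Generic logon failure (bad user name or authentication information)'
    '0xc000006e' = 'Account restriction'
    '0xc000006f' = 'Logon outside permitted hours'
    '0xc0000070' = 'Logon from an unauthorized workstation'
    '0xc0000071' = 'Password expired'
    '0xc0000072' = 'Account disabled'
    '0xc0000133' = 'Clock skew between this machine and the DC is too large'
    '0xc000015b' = 'Account not granted the requested logon type on this machine'
    '0xc0000193' = 'Account expired'
    '0xc0000224' = 'User must change password at next logon'
    '0xc0000234' = 'Account locked out'
}

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the <EventData><Data Name="..."> elements into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $Account) { return }   # skip other accounts

        # SubStatus is the specific cause; fall back to Status when it is empty or zero.
        $sub  = "$($data['SubStatus'])".ToLower()
        $code = if ($sub -and $sub -ne '0x0') { $sub } else { "$($data['Status'])".ToLower() }

        [pscustomobject]@{
            Time       = $_.TimeCreated
            SubjectSid = $data['SubjectUserSid']   # S-1-0-0 is what the viewer renders as NULL SID
            Target     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType  = $data['LogonType']        # 2 = interactive, 3 = network
            Status     = $data['Status']
            SubStatus  = $data['SubStatus']
            Meaning    = if ($Reason.ContainsKey($code)) { $Reason[$code] } else { 'Not in table; look up the NTSTATUS code' }
            Source     = '{0} ({1})' -f $data['WorkstationName'], $data['IpAddress']
        }
    } | Format-List
```

The Subject block identifies the process that reported the failure, so a NULL SID there is expected for network logons; the account that actually failed is in the TargetUserName/TargetDomainName fields.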
  1. ben curry
    October 24th, 2009 at 22:27 | #1

    ouch. same here on 2010 med farm build. happens with all of my accounts except app pool ident. i’ll let you know what I find 🙂

  2. December 15th, 2009 at 12:40 | #2

    really?! it worked? hmmm
    i think the issue is basically disabling loopback check for local servers
    http://support.microsoft.com/default.aspx?scid=kb;en-us;896861

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck = 1

  3. Reza Alirezaei
    December 15th, 2009 at 12:48 | #3

    @artykul8
    Loopback check?! How can this be an issue when you are hitting the machines remotely (as opposed to locally)?

  4. jack
    October 14th, 2013 at 05:44 | #4