I was setting up a web application recently, and was getting an error stating that the specified password is invalid for the application pool identity.
It was suffering from the ‘double hop‘ issue whereby the windows authenticated NTLM credentials couldn’t ‘hop’ once more to authenticate with the SQL server back-end (which resided on a remote machine).
I drilled into the Advanced Settings of my application pool and opened up the ‘Identity’ section and selected ‘Custom Account’. For the username I entered
[Domain]\[Username]
(a dedicated service account with write access to the SQL server) and entered the password. To my surprise I received the following error message:
The Specified Password is Invalid. Type a new password.
So naturally I typed the credentials again, and again, to the point where I realised it wasn’t my jelly fingers that were causing the issue!
The issue turned out to be that the username was too long! And to circumvent the issue without changing the username to something shorter, I navigated to Active Directory Users and Computers, found the user account, opened the user account properties, navigated to the ‘Account’ tab and used the pre-windows 2000 username instead! And bish, bash, bosh. It worked! The error message was misleading to say the least!