Note: This issue is also related to -> An exception occurred when trying to issue security token: The HTTP service located at http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas is too busy

Recently I had a client where their virtual environment failed due to a hardware failure. After they brought everything up and fixed the hardware issue SharePoint was not working. Specifically SharePoint Central Administration, Security Token Service App Pool, the main SharePoint web application and My Site web application would not start.

Based on numerous blog posts and my experience with IIS I started down the typical fixes:

  • Manually start the individual web application
  • Make sure the Identity on the web application was correct and the right credentials were in place
  • Even running the SharePoint Configuration Wizard to fix any issues

After each one of these I would try hitting SharePoint Central Administration and would get a Server Not Available 503 error then go back into IIS and the web application would be stopped.

I then started looking into the ULS and Event Viewer to dig a little deeper.I started to see a pattern of something did not have permissions across these multiple web applications. Finally I searched the webs on a Application Event ID error of 5059 that basically said that “Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.” Luckily this error pointed me to the follow SharePoint Forum post that got me on the right direction.

In essence there was a specific permission needed by SharePoint to allow the Identity for the web application to work. The local security policy of “log on as a batch job” user permission needs to be in place. My theory is when the domain went down a older version of the domain policy was pushed out and removed those permissions.

I ended up going into Group Policy Management console and had to find the policy where this was set. In this case the Domain Default Policy. The Log on as a batch job setting is found in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Log on as a batch job. Add the SP Admin accounts to the list and also add the IIS_IUSRS local Group as ith should contain the accounts for all the SP Application Pools. Afterwards I did a gpupdate /force and restarted the SharePoint server and everything was happy.

Hope this helps somebody else!

Thanks to Don Donais