Operations on application pools as admin and non-admin

NOTE: This is a cross-post from bilalaslam.com

Sometimes, as part of a deployment, you want to stop, start or recycle the remote application pool. For example, some lightweight database engines hold the database in memory, so if you publish a new database, changes won’t show until you recycle the app pool. Another reason to recycle the application pool is if your application has flaky memory management, and you want to start from a clean slate.

Web Deploy has a provider, recycleApp, which allows you to perform certain operations on application pools. This provider only works on IIS7 and higher. Read on to find out more.

recycleApp provider as administrator:

First, let’s see how we can recycle a remote application pool:

msdeploy.exe -verb:sync -source:recycleApp -dest:recycleApp="Default Web Site",recycleMode="RecycleAppPool",computerName=remote-computer

Let’s break this down:

  • -verb: sync. A sync verb is a little odd since you are really trying to do an operation on a remote object, but not so odd if you remember that Web Deploy has a source-to-destination sync model.
  • -source:recycleApp. We want to use the recycleApp provider.
  • -dest:recycleApp=”Default Web Site”. We are telling Web Deploy to recycle the application pool for the Default Web Site.
  • recycleMode=”StopAppPool”. Pretty self-explanatory, we’re telling the recycleApp provider to stop the app pool.
  • computerName=remote-computer. You may trip up here. We are telling Web Deploy to connect to the Remote Agent Service on the remote computer. If that service isn’t started, you’ll see an error like this:

Error: Remote agent (URL http://remote-computer/MSDEPLOYAGENTSERVICE) could not be contacted.  Make sure the remote agent service is installed and started on the target computer.
Error: An unsupported response was received. The response header 'MSDeploy.Response' was '' but 'v1' was expected.
Error: The remote server returned an error: (503) Server Unavailable.
Error count: 1.

To fix this, make sure Web Deploy (with all of its optional components, including the Remote Agent Service) is installed on the remote computer. Also, on the computer, run “net start msdepvc” from an elevated command prompt.

recycleApp provider as non-administrator:

Some of you may want non-administrators to be able to run the recycleApp provider. For example, shared hosting providers like to do this because recycling application pools makes some applications behave better after deployment. We will enable users to do this by created a delegation rule for the recycleApp provider.

First, read up on how to set up delegation rules in general. Kristina’s Blog has a good post on this. However, she doesn’t cover recycleApp.

Add a new delegation rule like this:


Notice that you have to set the Run As identity to a specific user, namely an administrator. This is a limitation of IIS, that only administrators can recycle application pools. One thing to be careful about: if you allow multiple sites or applications to share an application pool, do NOT set up this rule. If you do, while recycling their own application pools, users will be able to disrupt other people’s sites. You should only set up this rule if you have a one-application-per pool model.

To test this rule, run this command from the source computer:

msdeploy.exe -verb:sync -source:recycleApp -dest:recycleApp="Default Web Site",wmsvc=remote-computer,userName=IISManagerUserName,Password=IISManagerUserPassword,recycleMode="RecyleAppPool" –allowUntrusted

Notice that in this command, we are telling Web Deploy to connect using the Web Management Service (wmsvc), which is required for delegated deployments. Also, unless you have a valid certificate on the remote machine, you should use the –allowUntrusted flag which bypasses certificate errors.

No Comments