Having a custom developed Web Service hosted on Windows 2008 Server, after some fine tuning on the system, the service started to respond with a SOAP fault stating “Requested registry access is not allowed”.
The origin of the error was the attempt the service made to write on the Event Log.
One of the changes we had made to the application was the application pool identity. It was running on Classic mode with a given domain account and we re-configured it to run on integrated mode with the application pool identity.
To grant rights to a given user account for writing on the Event Log, you should perform the steps to edit the registry described here:
- Find key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog”
- Right-click and choose “Permissions”.
- Put in the desired account
The catch is that the application pool is running with the Application Pool Identity Account. This is a Windows user account called “IIS APPPOOL\AppPoolName”, which is created when the Application Pool is created, where AppPoolName is the name of the Application Pool.
On the permission dialog, search the local host for the “IIS APPPOOL\AppPoolName” replacing “AppPoolName” for your custom given name.
After that, the Web service worked fine.