- Plesk 12.0 for Windows
- Plesk 12.5 for Windows
After Plesk upgrade to Plesk 12 or 12.5 all sites on shared application pool stopped working with error:
CONFIG_TEXT: 503 Service Unavailable or
HTTP 400 - Bad Request (Request header too long)
the following message can be observed:
CONFIG_TEXT: During a logon attempt, the user's security context accumulated too many security IDs. This is a very unusual situation. Remove the user from some global or local groups to reduce the number of security IDs to incorporate into the security context.
Starting from Plesk 12 security settings are updated for all subscriptions:
Security rules for IUSR_ user will be converted to rules for IWPG_ group.
Security rules for IWPD_ or IWAM_plesk (default) users will be converted to rules for IWPG_ group.
After upgrade old IUSR_ accounts are not removed from the system, although they are no longer used.
If the shared application pool is used, application pool user can be included in a huge amount of groups (depending on a number of subscriptions assigned to application pool). Such user might not be able to authenticate because the token that is generated during authentication attempts has a fixed maximum size.
Switch some or all websites to Dedicated IIS application pool.
For all subscriptions on one particular service plan:
Open Plesk > Service Plans
Dedicated IIS application pool& click Update & Sync button.
For all subscriptions:
Connect to the server via RDP and run the command:
C:\> "%plesk_bin\\server_pref.exe" --set-iis-app-pool-settings -iis-app-pool-mode dedicated