Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-15326: IIS Application Pools Not Found During PAS Discovery Scans

Privileged Access Service ,  

26 June,19 at 02:41 PM

When running PAS Discovery scans for IIS Pools, they are not found or not getting added to PAS. Errors in the discovery report (or pop-up message) will have a line that looks like this:

ERROR - Error occurred when discovering IIS app pools from <hostname>: Could not load file or assembly 'Microsoft.Web.Administration, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. 

User-added image


1. The following ports are not opened on the IIS Server:

a. Port 135 (TCP) inbound direction: RPC Endpoint Mapper 
b. Port 139 (TCP) File and printer sharing (NB-Session-In) inbound communication if the operating system is Windows Server 2016.
b. Dynamic RPC port for process DllHost.exeSolution

2. IIS Management Tools are not installed on the Cloud Connectors


1. In addition to opening TCP ports 135 (and 139 for Win2016 Servers), please use the following steps to open a firewall rule for Dynamic RPC port:

  1. Start a new inbound rule
  2. Select "custom" as a Rule type
  3. Provide program name "%systemroot%\system32\dllhost.exe"
  4. Protocol TCP, Local port "RPC Dynamic Ports" , Remote ports "All Ports"
  5. Action : allow connection
  6. Profile : Domain

*Please note that the above rules are also needed when adding an IIS application pool manually as well (not just when discovering them)*

2. The following instructions can be used to install IIS on a Windows 2012 server (Cloud Connector)

Then try again to run the discovery job and it should now pick up the IIS pools.