Problem:
When running PAS Discovery scans for IIS Pools, they are not found or not getting added to PAS. Errors in the discovery report (or pop-up message) will have a line that looks like this:

ERROR - Error occurred when discovering IIS app pools from <hostname>: Could not load file or assembly 'Microsoft.Web.Administration, Version=7.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. 







Cause:

1. The following ports are not opened on the IIS Server:

a. Port 135 (TCP) inbound direction: RPC Endpoint Mapper 
b. Port 139 (TCP) File and printer sharing (NB-Session-In) inbound communication if the operating system is Windows Server 2016.
b. Dynamic RPC port for process DllHost.exeSolution



2. IIS Management Tools are not installed on the Cloud Connectors




Solution:
 

1. In addition to opening TCP ports 135 (and 139 for Win2016 Servers), please use the following steps to open a firewall rule for Dynamic RPC port:

1. Start a new inbound rule
2. Select "custom" as a Rule type
3. Provide program name "%systemroot%\system32\dllhost.exe"
4. Protocol TCP, Local port "RPC Dynamic Ports" , Remote ports "All Ports"
5. Action : allow connection
6. Profile : Domain

*Please note that the above rules are also needed when adding an IIS application pool manually as well (not just when discovering them)*
 

2. The following instructions can be used to install IIS on a Windows 2012 server (Cloud Connector)

https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/installing-iis-8-on-windows-server-2012



Then try again to run the discovery job and it should now pick up the IIS pools.