A user is considered invalid if it isn't a member of IIS_WPG (Internet Information Services Worker Process Group) or it hasn't been granted the right to logon as a service. To check and possibly fix the latter, follow these steps:
- Run Local Security Policy applet which is usually under Administrative Tools or you can Start>Run with "secpol.msc".
- Expand the Local Policies node and click User Rights Assignment.
- Open the "Log on as service" policy either by double-clicking or right-clicking and selecting Properties.
- Click "Add User or Group..." and enter the name of the user for the app pool's identity.
- Restart the machine. The security policy is only read on boot.