From here if found this:
This error means "Invalid class
string" -- in other words the call to
CreateObject failed because the name
object cannot be found by the OLE
sub-system. Causes include:
You really didn't run regsvr32 on the server after all.
You ran regsvr32 but
it reported an error.
Someone modified
security on part of the registry
that's preventing the OLE subsystem
from reading all or part of the
HKEY_CLASSES_ROOT tree.
The name of
the object you are trying to create
was mispelled or is incorrect.
Determine if it's a permissions
problem
Also, since you're migrating from 03 to 08, have you installed the IIS 6 Management Compatibility add on that's found in the IIS role? I'm not an expert on IIS or ASP, so I hope this helps.
Lots of overloaded terms here, and a change between IIS 7 and 7.5.
App Pool Identity vs App Pool Account
Let's start with the Application Pool identity (lowercase-i-identity, what I call the App Pool Account to avoid ambiguity):
The way I tell it, the Application Pool Account is the account used to boot an App Pool, and the identity that the App Pool assumes when it's not impersonating anyone else.
So whatever identity you give the App Pool, it's going to need to be able to read the files in the content folder: particularly {but not limited to} any web.config files (which form part of the IIS configuration, and control what the App Pool is going to be doing).
If it can't access a folder, it'll assume there might be an important (game-changing) web.config file in there, and display an error. So the App Pool Account needs Read access to all content folders.
ApplicationPoolIdentity
Why differentiate the App Pool Account (the identity of the app pool) from the App Pool Identity? Because the special-capitals-used ApplicationPoolIdentity is a new account type - a managed service account - introduced and made default in IIS 7.5 / Windows 2008 R2, and available from Windows 2008 SP2 as well (but not the default).
See Application Pool Identities on IIS.Net
When you create a website under 2008 R2 or later using the GUI:
- an App Pool will be created to host that website, and
- the account type will be ApplicationPoolIdentity, instead of Network Service (the 2008 default), Local Service or Local System
- a virtual identity, IIS AppPools\AppPoolName will be made available for use as a security principal on the local machine
With 2008 RTM, the default App Pool account was Network Service plus a unique app pool identity/uniquifier; the new R2/SP2 AppPoolIdentity account type is a Network-Service-like account (i.e. is the computer when connecting off-box), but prevents impersonation of another App Pool within the same box.
Back to the original question:
App pool account defines who your app runs as when it's not impersonating anyone else
Authentication method describes how you're going to authenticate the clients (in order to impersonate them)
The Anonymous user account defines who you're going to run as when impersonating a user for a request which isn't authenticated - IUSR is such a user.
Incidentally, with IIS 7.5+, you can set the Anonymous user account to be the Application Pool Identity (properties of the Anonymous authentication method), which might make it more straightforward to isolate and secure the content for a given website.
Set permissions using IIS AppPool\YourSiteName for the name format (see this post).
Best Answer
Sounds like the double hop issue. What do you see in the event log? In IIS 6, the network service is the default app pool account. Did you try setting the app pool as network service, classic mode? Is UAC (user account account) enabled?