This Knowledgebase article provides information about how to resolve a 'service unavailable' returned on a Secondary (active) server for an http request for an STS site.
An IIS website that was successfully created; extended using SharePoint Central
Administration (clicking on 'Extend and create a content database') and
accessible becomes unavailable after a switchover is performed to the
previously passive server.
Creating and extending a SharePoint Portal Services site, after Neverfail has been installed, creates a new application pool with the administrator user on the active server. This causes a modification to the Local Users and Groups information stored in the SAM. Neverfail does not currently support the replication of the SAM. After performing a switchover, the http request returns ‘Service Unavailable’ and two W3svc entries are made into the System log.
On the Secondary-active server, remove the user 'administrator' from IIS_WPG and
STS_WPG groups. Then add these two groups in the ‘Member of’ list of user
'administrator'. After this, 'administrator' appears on both the ‘Members’ list of
the two groups and the two groups also appears on the ‘Member of’ list of the
After modifying Local Users and Groups on a Secondary-active server, an IIS reset is
required in order to recycle the application pools.
Also, note that an IIS reset will leave HTTP SSL and W3svc service stopped so
W3svc needs to be started again.
Neverfail for SharePoint