Error 2146893818 (Event 7024 Invalid Signature)

IIS Admin Service allows IIS metabase administration which is used to store SMTP and FTP configuration. If you see this service stopped in the Services window, server will be unable to configure SMTP or FTP.



When you try to start IIS Admin Service, this error message may be displayed:



Windows could not start the IIS Admin Service on Local Computer. service-specific error code -2146893818.



medium?v=1.jpg



The Event Viewer also records a similar message:



Event 7024
The IIS Admin Service service terminated with the following service-specific error: Invalid Signature



medium?v=1.jpg



Root Cause



This error occurs when the machine key which is used for decryption/encryption is corrupted. You will probably see numerous Schannel errors because of this corrupted file. Here is what to do to make sure of the root cause:

  • Go to MachineKeys folder (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  • Check the Last Modified Date of the file that has a name starting with c23
  • If the date is newer than the date IIS server is installed, it means something (an update or installation) caused this file to change and get corrupted


Solution



Follow the possible solutions below in the given order.



Restore machine key



If you have a backup of the machine key starting with c23, restore it to the MachineKeys folder.

Some resources also recommends restoring the Metabase.XML and MBSchema.XML from History folder (C:\Windows\System32\Inetsrv\History)



Reinstall IIS 6 Metabase Compatibility



If the restore option doesn’t work, follow the steps below to reinstall IIS 6 Metabase Compatibility feature. This feature recreates a machine key.

  1. Remove the machine key starting with c23 (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  2. Uninstall IIS 6 Metabase Compatibility (Server Manager > Manage > Remove Roles and Features)
  3. Restart the server
  4. After restarting the server, install IIS 6 Metabase Compatibility (Server Manager > Manage > Add Roles and Features). Make sure that the machine key with c23 name is created
  5. Go to Services window. IIS Admin Service should already running.

medium?v=1.jpg



Check permissions



If IIS Admin Service is still not starting, check the permissions of the MachineKey folder. Make sure Administrators and System both have Full Control permissions.



References:


Continue reading...
 
Top Bottom