Keyset does not exist

N

Nedim

IIS may display “Keyset does not exist” error while trying to set application pool identity. In the the Event Viewer, I saw this message:



ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)




This issue occurs when there is a problem with the machine keys (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)



IIS uses the machine keys below for encryption. The first thing to check is if these files exist.




6de9cb26d2b98c01ec4e9e8b34824aa2_GUID


iisConfigurationKey


d6d986f09a1ee04e24c949879fdb506c_GUID


NetFrameworkConfigurationKey


76944fb33636aeddb9590521c2e8815a_GUID


iisWasKey




If the files exist in MachineKeys folder, check their security permissions. In the server I worked on, these files didn’t have owners.





After taking the ownership, it displayed only IIS_IUSRS account in the permission list. I added DatabaseAdministrators group to the Security list. Other required permissions came back right away. Afterward, we were able to change application pool identity.



Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.

Continue reading...
 
Top Bottom