Keyset does not exist

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

IIS may display “Keyset does not exist” error while trying to set application pool identity. In the the Event Viewer, I saw this message:

 

ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)

 

This issue occurs when there is a problem with the machine keys (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)

 

IIS uses the machine keys below for encryption. The first thing to check is if these files exist.

 

6de9cb26d2b98c01ec4e9e8b34824aa2_GUID

iisConfigurationKey

d6d986f09a1ee04e24c949879fdb506c_GUID

NetFrameworkConfigurationKey

76944fb33636aeddb9590521c2e8815a_GUID

iisWasKey

 

If the files exist in MachineKeys folder, check their security permissions. In the server I worked on, these files didn’t have owners.

Nedim_0-1616781541387.jpeg

 

After taking the ownership, it displayed only IIS_IUSRS account in the permission list. I added DatabaseAdministrators group to the Security list. Other required permissions came back right away. Afterward, we were able to change application pool identity.

 

Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.