Keyset does not exist

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

IIS may display “Keyset does not exist” error while trying to set application pool identity. In the the Event Viewer, I saw this message:


ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)


This issue occurs when there is a problem with the machine keys (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)


IIS uses the machine keys below for encryption. The first thing to check is if these files exist.









If the files exist in MachineKeys folder, check their security permissions. In the server I worked on, these files didn’t have owners.



After taking the ownership, it displayed only IIS_IUSRS account in the permission list. I added DatabaseAdministrators group to the Security list. Other required permissions came back right away. Afterward, we were able to change application pool identity.


Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.