Error 2146893818 (Event 7024 Invalid Signature)

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

IIS Admin Service allows IIS metabase administration which is used to store SMTP and FTP configuration. If you see this service stopped in the Services window, server will be unable to configure SMTP or FTP.

 

When you try to start IIS Admin Service, this error message may be displayed:

 

Windows could not start the IIS Admin Service on Local Computer. service-specific error code -2146893818.

 

clipboard_image_0.jpeg

 

The Event Viewer also records a similar message:

 

Event 7024 The IIS Admin Service service terminated with the following service-specific error: Invalid Signature

 

clipboard_image_1.jpeg

 

Root Cause

This error occurs when the machine key which is used for decryption/encryption is corrupted. You will probably see numerous Schannel errors because of this corrupted file. Here is what to do to make sure of the root cause:

  • Go to MachineKeys folder (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  • Check the Last Modified Date of the file that has a name starting with c23
  • If the date is newer than the date IIS server is installed, it means something (an update or installation) caused this file to change and get corrupted

 

Solution

Follow the possible solutions below in the given order.

 

Restore machine key

If you have a backup of the machine key starting with c23, restore it to the MachineKeys folder.

Some resources also recommends restoring the Metabase.XML and MBSchema.XML from History folder (C:\Windows\System32\Inetsrv\History)

 

Reinstall IIS 6 Metabase Compatibility

If the restore option doesn’t work, follow the steps below to reinstall IIS 6 Metabase Compatibility feature. This feature recreates a machine key.

  1. Remove the machine key starting with c23 (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  2. Uninstall IIS 6 Metabase Compatibility (Server Manager > Manage > Remove Roles and Features)
  3. Restart the server
  4. After restarting the server, install IIS 6 Metabase Compatibility (Server Manager > Manage > Add Roles and Features). Make sure that the machine key with c23 name is created
  5. Go to Services window. IIS Admin Service should already running.

clipboard_image_2.jpeg

 

Check permissions

If IIS Admin Service is still not starting, check the permissions of the MachineKey folder. Make sure Administrators and System both have Full Control permissions.

 

References:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.