"Keyset does not exist" error message when you try to change the identity of an application pool by using Internet Information Services Manager from a remote computer

Article ID: 977754

SYMPTOMS

Consider the following scenario:
  • On a server that is running Windows Server 2008 or Windows Server 2008 R2, you enable remote management for Internet Information Services (IIS).
  • The server has more than one application pool configured in IIS.
  • One of the application pools is configured to use a custom user identity.
  • You use Internet Information Services Manager to connect to the server as an administrator from a remote computer.
In this scenario, when you try to change the identity of any application pool, you receive the following error message:
There was an error while performing this operation.
Details:
Keyset does not exist (Exception from HRESULT: 0x80090016)

CAUSE

The LOCAL SERVICE account is the service account of the IIS Web Management Service (also known as WMSvc). This problem occurs because the LOCAL SERVICE account does not have Read access on the iisWasKey key that is located in the following folder:
%ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
The following is the file name of the iisWasKey key:
76944fb33636aeddb9590521c2e8815a_GUID

RESOLUTION

To resolve this problem, follow these steps:
  1. Locate the following folder:
    %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
  2. Right-click the following file, and then click Properties:
    76944fb33636aeddb9590521c2e8815a_GUID
  3. Click the Security tab, and then click Edit. If you are asked whether you want to continue the operation, click Continue. Then, the list of group names and user names that have access to this key file appears in the Permissions dialog box.
  4. Click Add. Then, the Select Users, Computers, Service Accounts, or Groups dialog box appears.
  5. Type LOCAL SERVICE, and then click Check Names.
  6. Click OK.
  7. In the Group or user names list, click LOCAL SERVICE. Make sure that the Read check box is checked in the Permissions for LOCAL SERVICE list.
  8. Click OK.
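
The same steps in scripted form, as an added example that is not part of the original article: it checks whether LOCAL SERVICE already has Read on the iisWasKey file and adds a Read-only Allow entry if it does not. It assumes an elevated Windows PowerShell session on the IIS server and exactly one file with the prefix shown above; the variable names are illustrative.

```powershell
# Added example (not from the KB article). Run elevated on the IIS server.
$keyDir = Join-Path $env:ALLUSERSPROFILE 'Microsoft\Crypto\RSA\MachineKeys'
$prefix = '76944fb33636aeddb9590521c2e8815a_'   # iisWasKey prefix from the article; the GUID suffix is machine-specific

# LOCAL SERVICE by its well-known SID (S-1-5-19), so the check does not depend on the display name.
$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-19'
$read = [System.Security.AccessControl.FileSystemRights]::Read

# Steps 1-2: locate the key file. Refuse to guess if zero or several files match.
$keyFile = @(Get-ChildItem -Path $keyDir -Filter "$prefix*" -Force -ErrorAction Stop)
if ($keyFile.Count -ne 1) {
    throw "Expected exactly one iisWasKey file in $keyDir, found $($keyFile.Count)."
}
$path = $keyFile[0].FullName

# Steps 3 and 7: read the current ACL and look for an Allow entry for LOCAL SERVICE that includes Read.
$acl     = Get-Acl -Path $path
$hasRead = $false
foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
    if ($ace.IdentityReference.Value -eq $sid.Value -and
        $ace.AccessControlType -eq 'Allow' -and
        ([int]$ace.FileSystemRights -band [int]$read) -eq [int]$read) {
        $hasRead = $true
    }
}

if ($hasRead) {
    "LOCAL SERVICE already has Read on $path"
} else {
    # Steps 4-8: add Read only; existing entries are left unchanged.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, $read, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
    "Granted Read to LOCAL SERVICE on $path"
}
```

The script is safe to re-run: when the Read entry is already present it only reports that and changes nothing.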

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

This problem will be corrected in the next service pack for Windows Server 2008.

Properties

Article ID: 977754 - Last Review: March 24, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Internet Information Services 7.0