IIS services do not start and you receive a "The specified handle is invalid" error message when you try to start the Internet Services Manager on a Windows 2000 Server-based computer

This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.

Symptoms

When you run Microsoft Internet Information Services (IIS) 5.0 on a Microsoft Windows 2000 Server-based computer, the IIS services may not start as expected. When you try to start Internet Services Manager, you may receive the following error message:
The specified handle is invalid.
When you try to start the World Wide Web Publishing Service, you may receive the following error:
Could not start the World Wide Web Publishing Service on Local Computer.
Error 1008: An attempt was made to reference a token that does not exist.
In addition, error messages that are similar to the following may be logged in the System Event log:

Message 1Message 2Note This problem has been known to occur on computers that are running Microsoft Systems Management Server (SMS) 2003. However, you may also experience these symptoms if you are not running SMS 2003.

Cause

This problem may occur when the
MachineGUID registry key is under stress. When the MachineGUID registry key is under stress, a condition may occur where the value of the
MachineGUID registry key is not read correctly by the Crypto subsystem. Because the
MachineGUID value is not read correctly, the Crypto subsystem incorrectly resets the value of the
MachineGUID key. Therefore, the existing IIS RSA machinekey is no longer valid, and the IIS Admin service cannot access the metabase.

The
MachineGUID registry key is the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography

Resolution

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


To resolve this problem, follow these steps:

Back up the existing machine key

  1. Start Windows Explorer.
  2. On the Tools menu, click Folder Options, click the View tab, click Show hidden files and folders, and then click
    OK.
  3. Expand the following folder:
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
  4. In the right pane, right-click Name, and then click to select Created.
  5. Locate all files that start with c23, and then note the time stamp of each file in the Created column.
  6. Compare the time stamp of each file that starts with
    c23, and then find the newest file that was created at the time that is closest to the time when the problem started.
  7. Make a backup copy of the file that you found in step 6.
  8. Right-click the file that you found in step 6, and then click Delete.
  9. In the Confirm File Delete dialog box, click Yes.

Rename the machine key on the remaining older machine key files

  1. Click Start, click Run, type regedit, and then click OK.
  2. Expand the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
  3. In the right pane, double-click
    MachineGuid.
  4. Note the value in the Value data box, click Cancel, and then close Registry Editor.
  5. Return to the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys folder in Windows Explorer.
  6. Only complete the step 7 through step 13 if the last half of the remaining c23 key name is different than the MachineGUID value obtained in step 4.
  7. Locate and right-click the file that begins with
    c23, and then click Rename.
  8. Select the last part of the file name from the underscore ("_") to the end, and then press DELETE.

    For example, the file name may be similar to the following:
    c2319c42033a5ca7f44e731bfd3fa2b5_4cbde50a-570f-47f5-8cc1-f6e151231826
    . After you delete the end part of the file name, the file would be similar to the following:
    c2319c42033a5ca7f44e731bfd3fa2b5_
  9. Type the value of the MachineGuid entry that you noted in step 4.

    For example, if the MachineGuid entry had a value 1b2162a0-ed5a-4d56-bd8a-8f2f65406b82, you would add this value to the file name after the underscore so that the file name would be similar to the following:
    c2319c42033a5ca7f44e731bfd3fa2b5_1b2162a0-ed5a-4d56-bd8a-8f2f65406b82
  10. Press ENTER.
  11. Click Start, point to
    Programs, point to Administrative Tools, and then click Services.
  12. Restart the IIS services and all related SMS services.
  13. Apply the hotfix that is described by this article to the server to prevent the problem.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

Windows 2000 Service Pack 3 is required to install this hotfix.

Restart requirement

You must restart your computer after you install this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version               Size  File name
------------------------------------------------------------
14-Sep-2004 07:08 5.0.2195.6968 382,224 Advapi32.dll
24-Mar-2004 02:17 5.0.2195.6824 42,256 Basesrv.dll
24-Mar-2004 02:17 5.0.2195.6866 69,904 Browser.dll
21-Sep-2003 00:45 5.0.2195.6824 236,304 Cmd.exe
14-Sep-2004 07:08 5.131.2195.6926 533,776 Crypt32.dll
14-Sep-2004 07:08 5.131.2195.6926 62,736 Cryptnet.dll
24-Mar-2004 02:17 5.0.2195.6868 76,048 Cryptsvc.dll
24-Mar-2004 02:17 5.0.2195.6824 134,928 Dnsapi.dll
24-Mar-2004 02:17 5.0.2195.6876 92,432 Dnsrslvr.dll
04-Sep-2004 00:29 5.0.2195.6972 145,680 Dssbase.dll
04-Sep-2004 00:29 5.0.2195.6972 147,728 Dssenh.dll
24-Mar-2004 02:17 5.0.2195.6883 47,888 Eventlog.dll
19-Jun-2003 20:05 5.0.2195.6660 233,744 Gdi32.dll
24-Mar-2004 02:17 5.0.2195.6890 143,632 Kdcsvc.dll
11-Mar-2004 02:37 5.0.2195.6903 210,192 Kerberos.dll
24-Mar-2004 02:17 5.0.2195.6897 742,160 Kernel32.dll
21-Sep-2003 00:32 5.0.2195.6824 71,888 Ksecdd.sys
11-Mar-2004 02:37 5.0.2195.6902 520,976 Lsasrv.dll
25-Feb-2004 23:59 5.0.2195.6902 33,552 Lsass.exe
24-Mar-2004 02:17 5.0.2195.6824 54,544 Mpr.dll
14-Sep-2004 07:08 5.0.2195.6974 335,120 Msgina.dll
19-Jun-2003 20:05 5.0.2195.6680 117,520 Msv1_0.dll
24-Mar-2004 02:17 5.0.2195.6897 312,592 Netapi32.dll
19-Jun-2003 20:05 5.0.2195.6695 371,984 Netlogon.dll
24-Mar-2004 02:17 5.0.2195.6896 1,028,880 Ntdsa.dll
24-Mar-2004 02:17 5.0.2195.6824 115,984 Psbase.dll
24-Mar-2004 02:17 5.0.2195.6892 90,264 Rdpwd.sys
04-Sep-2004 00:29 5.0.2195.6972 132,368 Rsabase.dll
04-Sep-2004 00:29 5.0.2195.6972 134,928 Rsaenh.dll
24-Mar-2004 02:17 5.0.2195.6897 388,368 Samsrv.dll
24-Mar-2004 02:17 5.0.2195.6893 111,376 Scecli.dll
24-Mar-2004 02:17 5.0.2195.6903 253,200 Scesrv.dll
13-Sep-2004 19:27 5.0.2195.6974 5,898,752 Sp3res.dll
24-Mar-2004 02:17 5.0.2195.6897 403,216 User32.dll
14-Sep-2004 07:08 5.0.2195.6972 393,488 Userenv.dll
24-Mar-2004 02:17 5.0.2195.6824 50,960 W32time.dll
21-Sep-2003 00:32 5.0.2195.6824 57,104 W32tm.exe
10-Aug-2004 00:51 5.0.2195.6966 1,632,624 Win32k.sys
12-Dec-2003 21:38 5.1.2600.1327 311,296 Winhttp.dll
11-Mar-2004 02:37 5.0.2195.6898 181,520 Winlogon.exe
25-Sep-2003 18:08 5.0.2195.6826 243,984 Winsrv.dll
24-Mar-2004 02:17 5.131.2195.6824 167,184 Wintrust.dll
24-Mar-2004 02:17 5.0.2195.6897 742,160 Kernel32.dll
10-Aug-2004 00:51 5.0.2195.6966 1,632,624 Win32k.sys
25-Sep-2003 18:08 5.0.2195.6826 243,984 Winsrv.dll
Note This hotfix is intended only to prevent this issue from occurring. The hotfix will not fix the IIS handle error after it occurs. To repair an affected IIS installation, follow the steps in the "Resolution" section.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:

816915 New file naming schema for Microsoft Windows software update packages

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 884872 - Last Review: Dec 16, 2009 - Revision: 1

Feedback