You are currently offline, waiting for your internet to reconnect

"Keyset does not exist" error message when you try to change the identity of an application pool by using Internet Information Services Manager from a remote computer

SYMPTOMS
Consider the following scenario:
  • On a server that is running Windows Server 2008 or Windows Server 2008 R2, you enable remote management for Internet Information Services (IIS).
  • The server has more than one application pool configured in IIS.
  • One of the application pools is configured to use custom user identity.
  • You use Internet Information Services Manager to connect to the server as an administrator from a remote computer.
In this scenario, when you to try to change the identity of any application pool, you receive the following error message:
There was an error while performing this operation.
Details:
Keyset does not exist (Exception from HRESULT: 0x80090016)
CAUSE
The LOCAL SERVICE account is the service account of the IIS Web Management Service (also known as WMSvc). This problem occurs because the LOCAL SERVICE account does not have Read access on the iisWasKey key that is located in the following folder:
%ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
The following is the file name of the iisWasKey key:
76944fb33636aeddb9590521c2e8815a_GUID
RESOLUTION
To resolve this problem, follow these steps:
  1. Locate the following folder:
    %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys
  2. Right-click the following file, and then click Properties:
    76944fb33636aeddb9590521c2e8815a_GUID
  3. Click the Security tab, and then click Edit. If you are asked whether you want to continue the operation, click Continue. Then, the list of group names and user names that have access to this key file appears in the Permissions dialog box.
  4. Click Add. Then, the Select Users, Computers, Service Accounts, or Groups dialog box appears.
  5. Type LOCAL SERVICE, and then click Check Names.
  6. Click OK.
  7. In the Group or user names list, click LOCAL SERVICE. Make sure that the Read check box is checked in the Permissions for LOCAL SERVICE list.
  8. Click OK.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
This problem will be corrected in next service pack for Windows Server 2008.
Properties

Article ID: 977754 - Last Review: 03/24/2010 09:43:14 - Revision: 1.0

  • Microsoft Internet Information Services 7.0
  • kbexpertiseadvanced kbtshoot kbsurveynew kbprb KB977754
Feedback