IIS horror story 

During preparation for a work presentation for a complex project (designing transport level secure, distributed, endpoint independent web services) I needed to install some benign certificates to an IIS 6 machine. All hell broke lose when I did it and (production) machine failed completely. IIS Admin service would not start, UDDI Services went down, nothing worked.

After numerous hours of trying to fix at least IIS I got an idea of what was wrong.

Apperently the MachineKeys folder, which holds machine account private keys was screwed. No matter how hard I tried reinstalling IIS nothing worked. The solution was in manually deleting MachineKeys folder, encrypting it and setting appropriate permission set.

So, if you are ever in a situation where IIS Admin service would not start causing one of the following errors and you suspect MachineKeys is the reason for it, consider the steps below:

  • The system cannot find the file specified.
  • The handle is invalid.
  • Not enough storage is available to process this command.

Try this:

  • Uninstall IIS
  • Backup files in MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys)
  • Delete MachineKeys folder
  • Create new MachineKeys folder
  • Assign Administrators group, SYSTEM account full permissions
  • ENCRYPT THE DAMN FOLDER (Properties, Encryption)
  • Copy keys if necessary
  • Reinstall IIS

Good luck.

Categories:  Personal | Web Services
Tuesday, March 2, 2004 9:59:25 PM (Central Europe Standard Time, UTC+01:00)  #    Comments


Tuesday, June 19, 2007 2:51:54 AM (Central Europe Standard Time, UTC+01:00)
Thank you for helping me get on track with this one - in my case I couldn't start the IIS Admin Service ("Error 6: The handle is invalid", and logged ID 7023 with Description "The IIS Admin Service service terminated with the following error: The handle is invalid.")

This occured after installing the latest security updates (for Server 2K3 R2) and in my case I only had to adjust permissions to the aforementioned machine keys folder to resolve this - thankfully not needing to reinstall IIS.

Thursday, July 19, 2007 5:40:20 AM (Central Europe Standard Time, UTC+01:00)
I faced the similar issue. I gave full permission to the current logon use for the MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys) and it worked.
Wednesday, August 1, 2007 7:11:41 PM (Central Europe Standard Time, UTC+01:00)
After a NTDS corrupt database, a got many problem with sbs 2003. And the IIS did not restart. I got the error Not enough storage is available to process this command.

The security on this folder is all ok, but the data is not encrypted.

So for now, i follow your procedure and see after all if all working well. Just wish to do not have to re-install the Exchange portion of sbs2003.
All comments require the approval of the site owner before being displayed.
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):

Live Comment Preview
Copyright © 2003-2024 , Matevž Gačnik
Recent Posts
RSS: Atom:

The opinions expressed herein are my own personal opinions and do not represent my company's view in any way.

My views often change.

This blog is just a collection of bytes.

Copyright © 2003-2024
Matevž Gačnik

Send mail to the author(s) E-mail