IIS horror story 

During preparation for a work presentation for a complex project (designing transport level secure, distributed, endpoint independent web services) I needed to install some benign certificates to an IIS 6 machine. All hell broke lose when I did it and (production) machine failed completely. IIS Admin service would not start, UDDI Services went down, nothing worked.

After numerous hours of trying to fix at least IIS I got an idea of what was wrong.

Apperently the MachineKeys folder, which holds machine account private keys was screwed. No matter how hard I tried reinstalling IIS nothing worked. The solution was in manually deleting MachineKeys folder, encrypting it and setting appropriate permission set.

So, if you are ever in a situation where IIS Admin service would not start causing one of the following errors and you suspect MachineKeys is the reason for it, consider the steps below:

  • The system cannot find the file specified.
  • The handle is invalid.
  • Not enough storage is available to process this command.

Try this:

  • Uninstall IIS
  • Backup files in MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys)
  • Delete MachineKeys folder
  • Create new MachineKeys folder
  • Assign Administrators group, SYSTEM account full permissions
  • ENCRYPT THE DAMN FOLDER (Properties, Encryption)
  • Copy keys if necessary
  • Reinstall IIS

Good luck.

Categories:  Personal | Web Services
Tuesday, March 2, 2004 9:59:25 PM (Central Europe Standard Time, UTC+01:00)  #    Comments

 

Tuesday, June 19, 2007 2:51:54 AM (Central Europe Standard Time, UTC+01:00)
Thank you for helping me get on track with this one - in my case I couldn't start the IIS Admin Service ("Error 6: The handle is invalid", and logged ID 7023 with Description "The IIS Admin Service service terminated with the following error: The handle is invalid.")

This occured after installing the latest security updates (for Server 2K3 R2) and in my case I only had to adjust permissions to the aforementioned machine keys folder to resolve this - thankfully not needing to reinstall IIS.

Jono
Thursday, July 19, 2007 5:40:20 AM (Central Europe Standard Time, UTC+01:00)
I faced the similar issue. I gave full permission to the current logon use for the MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys) and it worked.
Suba
Wednesday, August 1, 2007 7:11:41 PM (Central Europe Standard Time, UTC+01:00)
After a NTDS corrupt database, a got many problem with sbs 2003. And the IIS did not restart. I got the error Not enough storage is available to process this command.

The security on this folder is all ok, but the data is not encrypted.

So for now, i follow your procedure and see after all if all working well. Just wish to do not have to re-install the Exchange portion of sbs2003.
All comments require the approval of the site owner before being displayed.
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):

Live Comment Preview
Copyright © 2003-2019 , Matevž Gačnik
Recent Posts
RD / MVP
Feeds
RSS: Atom:
Archives
Categories
Blogroll
Legal

The opinions expressed herein are my own personal opinions and do not represent my company's view in any way.

My views often change.

This blog is just a collection of bytes.

Copyright © 2003-2019
Matevž Gačnik

Send mail to the author(s) E-mail