IIS horror story 

During preparation for a work presentation for a complex project (designing transport level secure, distributed, endpoint independent web services) I needed to install some benign certificates to an IIS 6 machine. All hell broke lose when I did it and (production) machine failed completely. IIS Admin service would not start, UDDI Services went down, nothing worked.

After numerous hours of trying to fix at least IIS I got an idea of what was wrong.

Apperently the MachineKeys folder, which holds machine account private keys was screwed. No matter how hard I tried reinstalling IIS nothing worked. The solution was in manually deleting MachineKeys folder, encrypting it and setting appropriate permission set.

So, if you are ever in a situation where IIS Admin service would not start causing one of the following errors and you suspect MachineKeys is the reason for it, consider the steps below:

  • The system cannot find the file specified.
  • The handle is invalid.
  • Not enough storage is available to process this command.

Try this:

  • Uninstall IIS
  • Backup files in MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys)
  • Delete MachineKeys folder
  • Create new MachineKeys folder
  • Assign Administrators group, SYSTEM account full permissions
  • ENCRYPT THE DAMN FOLDER (Properties, Encryption)
  • Copy keys if necessary
  • Reinstall IIS

Good luck.

Categories:  Personal | Web Services
Tuesday, March 02, 2004 9:59:25 PM (Central Europe Standard Time, UTC+01:00)  #    Comments

 

Tuesday, June 19, 2007 2:51:54 AM (Central Europe Standard Time, UTC+01:00)
Thank you for helping me get on track with this one - in my case I couldn't start the IIS Admin Service ("Error 6: The handle is invalid", and logged ID 7023 with Description "The IIS Admin Service service terminated with the following error: The handle is invalid.")

This occured after installing the latest security updates (for Server 2K3 R2) and in my case I only had to adjust permissions to the aforementioned machine keys folder to resolve this - thankfully not needing to reinstall IIS.

Jono
Thursday, July 19, 2007 5:40:20 AM (Central Europe Standard Time, UTC+01:00)
I faced the similar issue. I gave full permission to the current logon use for the MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys) and it worked.
Suba