IIS horror story 

During preparation for a work presentation for a complex project (designing transport level secure, distributed, endpoint independent web services) I needed to install some benign certificates to an IIS 6 machine. All hell broke lose when I did it and (production) machine failed completely. IIS Admin service would not start, UDDI Services went down, nothing worked.

After numerous hours of trying to fix at least IIS I got an idea of what was wrong.

Apperently the MachineKeys folder, which holds machine account private keys was screwed. No matter how hard I tried reinstalling IIS nothing worked. The solution was in manually deleting MachineKeys folder, encrypting it and setting appropriate permission set.

So, if you are ever in a situation where IIS Admin service would not start causing one of the following errors and you suspect MachineKeys is the reason for it, consider the steps below:

  • The system cannot find the file specified.
  • The handle is invalid.
  • Not enough storage is available to process this command.

Try this:

  • Uninstall IIS
  • Backup files in MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys)
  • Delete MachineKeys folder
  • Create new MachineKeys folder
  • Assign Administrators group, SYSTEM account full permissions
  • ENCRYPT THE DAMN FOLDER (Properties, Encryption)
  • Copy keys if necessary
  • Reinstall IIS

Good luck.

Categories:  Personal | Web Services
Tuesday, 02 March 2004 21:59:25 (Central Europe Standard Time, UTC+01:00)  #    Comments

 

Tuesday, 19 June 2007 02:51:54 (Central Europe Standard Time, UTC+01:00)
Thank you for helping me get on track with this one - in my case I couldn't start the IIS Admin Service ("Error 6: The handle is invalid", and logged ID 7023 with Description "The IIS Admin Service service terminated with the following error: The handle is invalid.")

This occured after installing the latest security updates (for Server 2K3 R2) and in my case I only had to adjust permissions to the aforementioned machine keys folder to resolve this - thankfully not needing to reinstall IIS.

Jono
Thursday, 19 July 2007 05:40:20 (Central Europe Standard Time, UTC+01:00)
I faced the similar issue. I gave full permission to the current logon use for the MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys) and it worked.
Suba
Wednesday, 01 August 2007 19:11:41 (Central Europe Standard Time, UTC+01:00)
After a NTDS corrupt database, a got many problem with sbs 2003. And the IIS did not restart. I got the error Not enough storage is available to process this command.

The security on this folder is all ok, but the data is not encrypted.

So for now, i follow your procedure and see after all if all working well. Just wish to do not have to re-install the Exchange portion of sbs2003.
Michel
All comments require the approval of the site owner before being displayed.
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):
Live Comment Preview
Copyright © 2003-2024 , Matevž Gačnik
Recent Posts
RD / MVP
Feeds
RSS: Atom:
Archives
 Complete Archive

February, 2024 (2)
March, 2023 (1)
January, 2023 (2)
December, 2022 (1)
December, 2021 (1)
May, 2019 (1)
August, 2018 (1)
April, 2017 (1)
March, 2016 (1)
March, 2013 (1)
October, 2011 (1)
June, 2011 (1)
March, 2011 (1)
December, 2010 (1)
October, 2009 (2)
June, 2009 (1)
May, 2009 (1)
April, 2009 (2)
October, 2008 (2)
August, 2008 (1)
July, 2008 (2)
June, 2008 (1)
May, 2008 (1)
April, 2008 (2)
February, 2008 (2)
January, 2008 (1)
November, 2007 (2)
September, 2007 (3)
August, 2007 (4)
July, 2007 (7)
May, 2007 (7)
April, 2007 (1)
March, 2007 (6)
February, 2007 (7)
December, 2006 (3)
November, 2006 (7)
October, 2006 (3)
September, 2006 (3)
August, 2006 (1)
July, 2006 (2)
June, 2006 (11)
May, 2006 (7)
April, 2006 (5)
March, 2006 (7)
February, 2006 (1)
January, 2006 (8)
December, 2005 (8)
October, 2005 (1)
September, 2005 (1)
August, 2005 (1)
July, 2005 (1)
June, 2005 (4)
May, 2005 (4)
April, 2005 (5)
March, 2005 (4)
January, 2005 (1)
December, 2004 (1)
November, 2004 (1)
October, 2004 (2)
September, 2004 (1)
August, 2004 (9)
July, 2004 (2)
June, 2004 (3)
May, 2004 (8)
April, 2004 (6)
March, 2004 (7)
February, 2004 (2)
January, 2004 (8)
December, 2003 (2)
November, 2003 (7)
October, 2003 (10)
September, 2003 (18)
August, 2003 (9)
July, 2003 (17)
June, 2003 (17)
Categories
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Blogroll
 Clemens Vasters
 Dejan Dular
 Joshua Flanagan
 Mark Michaelis
 Mark Russinovich
 Miha Markič
 Scott Hanselman
 Tesla Motors
Legal

The opinions expressed herein are my own personal opinions and do not represent my company's view in any way.

My views often change.

This blog is just a collection of bytes.

Copyright © 2003-2024
Matevž Gačnik

Send mail to the author(s) E-mail