During preparation for a work presentation for a complex project (designing transport level secure, distributed, endpoint independent web services) I needed to install some benign certificates to an IIS 6 machine. All hell broke lose when I did it and (production) machine failed completely. IIS Admin service would not start, UDDI Services went down, nothing worked.
After numerous hours of trying to fix at least IIS I got an idea of what was wrong.
Apperently the MachineKeys folder, which holds machine account private keys was screwed. No matter how hard I tried reinstalling IIS nothing worked. The solution was in manually deleting MachineKeys folder, encrypting it and setting appropriate permission set.
So, if you are ever in a situation where IIS Admin service would not start causing one of the following errors and you suspect MachineKeys is the reason for it, consider the steps below:
- The system cannot find the file specified.
- The handle is invalid.
- Not enough storage is available to process this command.
- Uninstall IIS
- Backup files in MachineKeys folder (c:\documents and settings\all users\application data\microsoft\crypto\rsa\machinekeys)
- Delete MachineKeys folder
- Create new MachineKeys folder
- Assign Administrators group, SYSTEM account full permissions
- ENCRYPT THE DAMN FOLDER (Properties, Encryption)
- Copy keys if necessary
- Reinstall IIS