Home
%3CLINGO-SUB%20id%3D%22lingo-sub-360223%22%20slang%3D%22en-US%22%3EWindows%20could%20not%20start%20the%20IIS%20Admin%20Service%20on%20Local%20Computer%20-error%20code%20-2146893818%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360223%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EProblem%20and%20symptoms%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECannot%20start%20the%26nbsp%3B%20IIS%20admin%20service%20as%20it%20fails%20with%20error%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%22%3CSTRONG%3EWindows%20could%20not%20start%20the%20IIS%20Admin%20Service%20on%20Local%20Computer.%20For%20more%20information%2C%20review%20the%20System%20Event%20Log.%20If%20this%20is%20a%20non-Microsoft%20service%2C%20contact%20the%20service%20vendor%2C%20and%20refer%20to%20service-specific%20error%20code%20-2146893818%22.%22%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CP%3E-in%20event%20logs%20we%20see%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ELog%20Name%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BSystem%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESource%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BService%20Control%20Manager%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDate%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B2%2F20%2F2019%202%3A33%3A11%20PM%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EEvent%20ID%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B7024%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ETask%20Category%3A%20None%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ELevel%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20Error%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EKeywords%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BClassic%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EUser%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BN%2FA%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EComputer%3A%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3Bitms01.lpcres.local%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDescription%3A%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThe%20IIS%20Admin%20Service%20service%20terminated%20with%20the%20following%20service-specific%20error%3A%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EInvalid%20Signature.%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CP%3E--%20Replacing%26nbsp%3B%20the%20metabase%20and%20MBSchema%20from%20backup%20(C%3A%5CWindows%5CSystem32%5CInetsrv%5CHistory%20)%20does%20not%20help%20sometime.%3C%2FP%3E%0A%3CP%3E--uninstallation%20of%26nbsp%3B%20IIS6%20compatibility%20feature%20from%20server%20manager%20works%20but%3C%2FP%3E%0A%3CP%3E--re-install%20of%20IIS6%20compatibility%20feature%20fails%20with%26nbsp%3B%20error%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22103%22%3E%3CP%3E0x8009000b%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22108%22%3E%3CP%3E-2146893813%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22182%22%3E%3CP%3ENTE_BAD_KEY_STATE%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22264%22%3E%3CP%3EKey%20not%20valid%20for%20use%20in%20specified%20state.%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EIIS%20logs%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3BMETABASE_UTIL%3A%3AInstallIisAdminMetabaseEntries%20result%3D0x8009000b%3C%2FP%3E%0A%3CP%3ESuccessfully%20stopped%20IISADMIN.%3C%2FP%3E%0A%3CP%3E%26lt%3B%20WARNING!%20%26gt%3B%20METABASE_UTIL%3A%3AInstallLegacySnapInMetabaseEntries%20result%3D0x8009000b%3C%2FP%3E%0A%3CP%3ESuccessfully%20started%20IISADMIN.%3C%2FP%3E%0A%3CP%3E%26lt%3B%20!!FAIL!!%20%26gt%3B%20Install%20of%20component%20Metabase%20result%3D0x8009000b%3C%2FP%3E%0A%3CP%3E%26lt%3B%20!!FAIL!!%20%26gt%3B%20COMPONENT%3A%3AExecuteCommand%20result%3D0x8009000b%3C%2FP%3E%0A%3CP%3E%5D%20%5B%20End%20of%20IIS%208.5%20Component%20Based%20Setup%20%5D%3C%2FP%3E%0A%3CP%3E%5B%20*****%20IIS%208.5%20Component%20Based%20Setup%20*****%20%5D%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ECBS%20logs%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%2C%20Info%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BCSI%20%26nbsp%3B%20%26nbsp%3B0000003e%20Performing%201%20operations%3B%201%20are%20not%20lock%2Funlock%20and%20follow%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20(0)%20%26nbsp%3BLockComponentPath%20(10)%3A%20flags%3A%200%20comp%3A%20%7Bl%3A16%20b%3Ad0d57770aec9d401840000006411681e%7D%20pathid%3A%20%7Bl%3A16%20b%3Ad0d57770aec9d401850000006411681e%7D%20path%3A%20%5Bl%3A224%7B112%7D%5D%22%5CSystemRoot%5CWinSxS%5Camd64_microsoft-windows-iis-metabase-gc_31bf3856ad364e35_6.3.9600.16384_none_05b71af1c18e30f5%22%20pid%3A%201164%20starttime%3A%20131952037330060245%20(0x01d4c9adc87283d5)%3C%2FP%3E%0A%3CP%3E%2C%20Info%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BCSI%20%26nbsp%3B%20%26nbsp%3B0000003f%20Calling%20generic%20command%20executable%20(sequence%201)%3A%20%5B40%5D%22C%3A%5CWindows%5CSystem32%5Cinetsrv%5Ciissetup.exe%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3BCmdLine%3A%20%5B60%5D%22%22C%3A%5CWindows%5CSystem32%5Cinetsrv%5Ciissetup.exe%22%20%2Finstall%20Metabase%22%3C%2FP%3E%0A%3CP%3E%2C%20Info%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BCSI%20%26nbsp%3B%20%26nbsp%3B00000040%20Performing%201%20operations%3B%201%20are%20not%20lock%2Funlock%20and%20follow%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20(0)%20%26nbsp%3BLockComponentPath%20(10)%3A%20flags%3A%200%20comp%3A%20%7Bl%3A16%20b%3A02271d75aec9d401860000006411681e%7D%20pathid%3A%20%7Bl%3A16%20b%3A02271d75aec9d401870000006411681e%7D%20path%3A%20%5Bl%3A234%7B117%7D%5D%22%5CSystemRoot%5CWinSxS%5Cx86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.3.9600.16384_none_cd3183f2deb856d2%22%20pid%3A%201164%20starttime%3A%20131952037330060245%20(0x01d4c9adc87283d5)%3C%2FP%3E%0A%3CP%3E%26nbsp%3BCSI%20%26nbsp%3B%20%26nbsp%3B00000041%20Creating%20NT%20transaction%20(seq%202)%2C%20objectname%20%5B6%5D%22(null)%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3BCSI%20%26nbsp%3B%20%26nbsp%3B00000042%20Created%20NT%20transaction%20(seq%202)%20result%200x00000000%2C%20handle%20%400x580%3C%2FP%3E%0A%3CP%3E%26nbsp%3BCSI%20%26nbsp%3B%20%26nbsp%3B%3CA%20href%3D%22mailto%3A00000043%402019%2F2%2F21%3A06%3A27%3A02.733%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E00000043%402019%2F2%2F21%3A06%3A27%3A02.733%3C%2FA%3E%20Beginning%20NT%20transaction%20commit...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20CSI%20%26nbsp%3B%20%26nbsp%3B%3CA%20href%3D%22mailto%3A00000044%402019%2F2%2F21%3A06%3A27%3A02.791%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E00000044%402019%2F2%2F21%3A06%3A27%3A02.791%3C%2FA%3E%20CSI%20perf%20trace%3A%3C%2FP%3E%0A%3CP%3ECSIPERF%3ATXCOMMIT%3B63760%3C%2FP%3E%0A%3CP%3E%2C%20Error%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20CSI%20%26nbsp%3B%20%26nbsp%3B00000045%20(F)%20Done%20with%20generic%20command%201%3B%20CreateProcess%20returned%200%2C%20CPAW%20returned%20S_OK%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3BProcess%20exit%20code%2011%20(0x0000000b)%20resulted%20in%20success%3F%20FALSE%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%20Process%20output%3A%20%5Bl%3A22%20%5B22%5D%22Failed%20%3D%200x8009000b%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ECause%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EThe%20error%20is%20clear%20that%26nbsp%3B%20machine%20key%20found%20in%20%22C%3A%5CProgramData%5CMicrosoft%5CCrypto%5CRSA%5CMachineKeys%22%20has%20been%20corrupt%20somehow.%3C%2FP%3E%0A%3CP%3EThe%20naming%20convention%26nbsp%3B%20for%20machine%20key%26nbsp%3B%20is%20%3CUNIQUEGUID%3E_%3CSTATICGUID%3E%3C%2FSTATICGUID%3E%3C%2FUNIQUEGUID%3E%3C%2FP%3E%0A%3CP%3EHere%20the%20static%20GUID%20of%20the%20IIS%20admin%20key%20was%20not%20matching%20the%20machine%20GUID.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENote%26nbsp%3B%20%3A%3C%2FP%3E%0A%3CP%3EThe%20key%20for%20IIS%20admin%20service%20is%26nbsp%3B%20machine%20key%20starting%20with%20%3CSTRONG%3Ec2319.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EThe%20file%20naming%20convention%20is%20x_y%2C%20where%20x%20is%20a%20random%20GUID%20to%20uniquely%20identify%20the%20key%2C%20and%20y%20is%20the%20machine%20GUID%20found%20at%26nbsp%3BHKLM%5CSOFTWARE%5CMicrosoft%5CCryptography.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EResolution%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDelete%20the%20IIS%20admin%20key%20from%20%3C%2FSTRONG%3E%5CMicrosoft%5CCrypto%5CRSA%5CMachineKeys%2C%20reinstall%20%26nbsp%3BIIS6%20compatibility%20feature%20so%20that%20it%20generates%20a%20new%20key.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-360223%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECannot%20start%20the%26nbsp%3B%20IIS%20admin%20service%20as%20it%20fails%20with%20error%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%22%3CSTRONG%3EWindows%20could%20not%20start%20the%20IIS%20Admin%20Service%20on%20Local%20Computer.%20For%20more%20information%2C%20review%20the%20System%20Event%20Log.%20If%20this%20is%20a%20non-Microsoft%20service%2C%20contact%20the%20service%20vendor%2C%20and%20refer%20to%20service-specific%20error%20code%20-2146893818%22.%22%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

Problem and symptoms:

 

Cannot start the  IIS admin service as it fails with error:

 

"Windows could not start the IIS Admin Service on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146893818"."​

-in event logs we see ​

Log Name:      System​

Source:        Service Control Manager​

Date:          2/20/2019 2:33:11 PM​

Event ID:      7024​

Task Category: None​

Level:         Error​

Keywords:      Classic​

User:          N/A​

Computer:      itms01.lpcres.local​

Description:​

The IIS Admin Service service terminated with the following service-specific error: ​

Invalid Signature.​

-- Replacing  the metabase and MBSchema from backup ​ (C:\Windows\System32\Inetsrv\History ) does not help sometime.

--uninstallation of  IIS6 compatibility feature from server manager works but

--re-install of IIS6 compatibility feature fails with  error ​

0x8009000b

-2146893813

NTE_BAD_KEY_STATE

Key not valid for use in specified state.

 

 

 

 

IIS logs:

 METABASE_UTIL::InstallIisAdminMetabaseEntries result=0x8009000b​

Successfully stopped IISADMIN.​

< WARNING! > METABASE_UTIL::InstallLegacySnapInMetabaseEntries result=0x8009000b​

Successfully started IISADMIN.​

< !!FAIL!! > Install of component Metabase result=0x8009000b​

< !!FAIL!! > COMPONENT::ExecuteCommand result=0x8009000b​

] [ End of IIS 8.5 Component Based Setup ]​

[ ***** IIS 8.5 Component Based Setup ***** ]​

CBS logs:

, Info                  CSI    0000003e Performing 1 operations; 1 are not lock/unlock and follow:​

  (0)  LockComponentPath (10): flags: 0 comp: {l:16 b:d0d57770aec9d401840000006411681e} pathid: {l:16 b:d0d57770aec9d401850000006411681e} path: [l:224{112}]"\SystemRoot\WinSxS\amd64_microsoft-windows-iis-metabase-gc_31bf3856ad364e35_6.3.9600.16384_none_05b71af1c18e30f5" pid: 1164 starttime: 131952037330060245 (0x01d4c9adc87283d5)​

, Info                  CSI    0000003f Calling generic command executable (sequence 1): [40]"C:\Windows\System32\inetsrv\iissetup.exe"​

   CmdLine: [60]""C:\Windows\System32\inetsrv\iissetup.exe" /install Metabase"​

, Info                  CSI    00000040 Performing 1 operations; 1 are not lock/unlock and follow:​

  (0)  LockComponentPath (10): flags: 0 comp: {l:16 b:02271d75aec9d401860000006411681e} pathid: {l:16 b:02271d75aec9d401870000006411681e} path: [l:234{117}]"\SystemRoot\WinSxS\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.3.9600.16384_none_cd3183f2deb856d2" pid: 1164 starttime: 131952037330060245 (0x01d4c9adc87283d5)​

 CSI    00000041 Creating NT transaction (seq 2), objectname [6]"(null)"​

  CSI    00000042 Created NT transaction (seq 2) result 0x00000000, handle @0x580​

 CSI    00000043@2019/2/21:06:27:02.733 Beginning NT transaction commit...​

  CSI    00000044@2019/2/21:06:27:02.791 CSI perf trace:​

CSIPERF:TXCOMMIT;63760​

, Error                 CSI    00000045 (F) Done with generic command 1; CreateProcess returned 0, CPAW returned S_OK​

   Process exit code 11 (0x0000000b) resulted in success? FALSE​

   Process output: [l:22 [22]"Failed = 0x8009000b​

 

 

 

Cause:

The error is clear that  machine key found in "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" has been corrupt somehow.

The naming convention  for machine key  is <uniqueGUID>_<staticGUID>

Here the static GUID of the IIS admin key was not matching the machine GUID.

 

Note  :

The key for IIS admin service is  machine key starting with c2319.

The file naming convention is x_y, where x is a random GUID to uniquely identify the key, and y is the machine GUID found at HKLM\SOFTWARE\Microsoft\Cryptography.

 

 

 

Resolution:

Delete the IIS admin key from \Microsoft\Crypto\RSA\MachineKeys, reinstall  IIS6 compatibility feature so that it generates a new key.