Problem and symptoms:


Cannot start the  IIS admin service as it fails with error:


"Windows could not start the IIS Admin Service on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146893818"."​

-in event logs we see ​

Log Name:      System​

Source:        Service Control Manager​

Date:          2/20/2019 2:33:11 PM​

Event ID:      7024​

Task Category: None​

Level:         Error​

Keywords:      Classic​

User:          N/A​

Computer:      itms01.lpcres.local​


The IIS Admin Service service terminated with the following service-specific error: ​

Invalid Signature.​

-- Replacing  the metabase and MBSchema from backup ​ (C:\Windows\System32\Inetsrv\History ) does not help sometime.

--uninstallation of  IIS6 compatibility feature from server manager works but

--re-install of IIS6 compatibility feature fails with  error ​




Key not valid for use in specified state.





IIS logs:

 METABASE_UTIL::InstallIisAdminMetabaseEntries result=0x8009000b​

Successfully stopped IISADMIN.​

< WARNING! > METABASE_UTIL::InstallLegacySnapInMetabaseEntries result=0x8009000b​

Successfully started IISADMIN.​

< !!FAIL!! > Install of component Metabase result=0x8009000b​

< !!FAIL!! > COMPONENT::ExecuteCommand result=0x8009000b​

] [ End of IIS 8.5 Component Based Setup ]​

[ ***** IIS 8.5 Component Based Setup ***** ]​

CBS logs:

, Info                  CSI    0000003e Performing 1 operations; 1 are not lock/unlock and follow:​

  (0)  LockComponentPath (10): flags: 0 comp: {l:16 b:d0d57770aec9d401840000006411681e} pathid: {l:16 b:d0d57770aec9d401850000006411681e} path: [l:224{112}]"\SystemRoot\WinSxS\amd64_microsoft-windows-iis-metabase-gc_31bf3856ad364e35_6.3.9600.16384_none_05b71af1c18e30f5" pid: 1164 starttime: 131952037330060245 (0x01d4c9adc87283d5)​

, Info                  CSI    0000003f Calling generic command executable (sequence 1): [40]"C:\Windows\System32\inetsrv\iissetup.exe"​

   CmdLine: [60]""C:\Windows\System32\inetsrv\iissetup.exe" /install Metabase"​

, Info                  CSI    00000040 Performing 1 operations; 1 are not lock/unlock and follow:​

  (0)  LockComponentPath (10): flags: 0 comp: {l:16 b:02271d75aec9d401860000006411681e} pathid: {l:16 b:02271d75aec9d401870000006411681e} path: [l:234{117}]"\SystemRoot\WinSxS\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.3.9600.16384_none_cd3183f2deb856d2" pid: 1164 starttime: 131952037330060245 (0x01d4c9adc87283d5)​

 CSI    00000041 Creating NT transaction (seq 2), objectname [6]"(null)"​

  CSI    00000042 Created NT transaction (seq 2) result 0x00000000, handle @0x580​

 CSI    00000043@2019/2/21:06:27:02.733 Beginning NT transaction commit...​

  CSI    00000044@2019/2/21:06:27:02.791 CSI perf trace:​


, Error                 CSI    00000045 (F) Done with generic command 1; CreateProcess returned 0, CPAW returned S_OK​

   Process exit code 11 (0x0000000b) resulted in success? FALSE​

   Process output: [l:22 [22]"Failed = 0x8009000b​





The error is clear that  machine key found in "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" has been corrupt somehow.

The naming convention  for machine key  is <uniqueGUID>_<staticGUID>

Here the static GUID of the IIS admin key was not matching the machine GUID.


Note  :

The key for IIS admin service is  machine key starting with c2319.

The file naming convention is x_y, where x is a random GUID to uniquely identify the key, and y is the machine GUID found at HKLM\SOFTWARE\Microsoft\Cryptography.





Delete the IIS admin key from \Microsoft\Crypto\RSA\MachineKeys, reinstall  IIS6 compatibility feature so that it generates a new key.