Error: The ‘validation’ attribute is invalid. Enum must be one of MD5, SHA1, 3DES, AES
Published Feb 15 2019 06:07 AM 1,477 Views

Recently I worked with one of the customer who was having a SharePoint website hosted on his Windows Server 2008 R2 (IIS 7.5) environment.

This site was configured to use Machine Key setting validation="HMACSHA256" which according to this blog, is an acceptable value included with .NET 4.0. 

From within IIS Manager, browsing to the Machine Key icon, we receive the below error message:


Machine Key


There was an error while performing this operation.


Filename: \\?\C:\inetpub\wwwroot\wss\VirtualDirectories\80\web.config

Line number: 419

Error: The 'validation' attribute is invalid.  Enum must be one of MD5, SHA1, 3DES, AES


 This does not occur in a Windows Server 2012 and higher (IIS 8.X) environment. However, the same issue is reproducible in Windows Server 2008 R2.  



The error we are getting is because of  Aspnet_Schemafile not having the validation attribute defined. The .NET framework itself supports it (4.0+) as you would have seen in the link below:



Is there an Impact?

If we use the encryption, decryption method as HMACSHA256 in our application, although the IIS UI throws an error, the application should still work.


How do we overcome the IIS UI error ?



We need to edit the ASPNET_schema.xml located in “C:\Windows\System32\inetsrv\config\schema” to accommodate HMACSHA256 as shown below:



       <attribute name="validation" type="enum" defaultValue="SHA1">

            <enum name="MD5" value="0" />

            <enum name="SHA1" value="1" />

            <enum name="3DES" value="2" />

            <enum name="AES" value="3" />

            <enum name="HMACSHA256" value="4" />



However, note that it won’t be there in the drop down in the IIS Machine Key UI. Even for editing it, we need to play around with too many permissions. If possible, avoid the changes.

Author: Naveen Baliga

Version history
Last update:
‎Feb 15 2019 06:07 AM
Updated by: