IIS may display “Keyset does not exist” error while trying to set application pool identity. In the the Event Viewer, I saw this message:
ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)
This issue occurs when there is a problem with the machine keys (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
IIS uses the machine keys below for encryption. The first thing to check is if these files exist.
|
6de9cb26d2b98c01ec4e9e8b34824aa2_GUID |
iisConfigurationKey |
|
d6d986f09a1ee04e24c949879fdb506c_GUID |
NetFrameworkConfigurationKey |
|
76944fb33636aeddb9590521c2e8815a_GUID |
iisWasKey |
If the files exist in MachineKeys folder, check their security permissions. In the server I worked on, these files didn’t have owners.
After taking the ownership, it displayed only IIS_IUSRS account in the permission list. I added DatabaseAdministrators group to the Security list. Other required permissions came back right away. Afterward, we were able to change application pool identity.
Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.