When trying to assign a domain account to an IIS 7.5 app pool I get the following error:
Details: Bad Data. (Exception from HRESULT: 0x80090005)
My research shows that this can happen when you copy an applicationhost.config
file without importing the keys. The suggested resolutions I have seen is to uninstall IIS and rebuild it from scratch (http://forums.iis.net/t/1160895.aspx). I am not sure which machine the config came from so the original would be lost by now.
I am reluctant to rebuild IIS without better understanding the issue. My understanding so far is that the private key (Somewhere in IIS?) is used to encrypt the credentials of the AD account. So why can't IIS currently use its existing key to create this new AD account in its configuration -- or why can't I just generate a new key and use that? Is there currently just no key on this machine that is being used?
I was able to resolve this by setting up IIS on a new machine. I then exported the keys from that machine and copied then imported the keys to my existing IIS installs.
By replacing the <configProtectedData>
on my existing machines with the one generated by the new machine combined with the key import I was then able to add a domain user with out error.
Export Commands:
aspnet_regiis -px "iisConfigurationKey" "c:\exportedIISKey.xml" -pri
aspnet_regiis -px "iisWasKey" "c:\exportedWASKey.xml" -pri
Import Commands:
aspnet_regiis -pi "iisConfigurationKey" "c:\exportedIISKey.xml"
aspnet_regiis -pi "iisWasKey" "c:\exportedWASKey.xml"
........
FYI I am using the Shared Configuration between two servers and got this error. Turned out one of the servers had gotten the configuration confused, Unchecked the use shared configuration and rechecked and re-entered the shared config info and it worked.
Hope this helps out someone else.
P.S. it wouldn't just let me comment on the original or I would have.
User contributions licensed under CC BY-SA 3.0