IIS 7.5, Encryption Keys, and HRESULT: 0x80090005

7

When trying to assign a domain account to an IIS 7.5 app pool I get the following error:

Details: Bad Data. (Exception from HRESULT: 0x80090005)

My research shows that this can happen when you copy an applicationhost.config file without importing the keys. The suggested resolution I have seen is to uninstall IIS and rebuild it from scratch (http://forums.iis.net/t/1160895.aspx). I am not sure which machine the config came from, so the original would be lost by now.

I am reluctant to rebuild IIS without better understanding the issue. My understanding so far is that the private key (Somewhere in IIS?) is used to encrypt the credentials of the AD account. So why can't IIS currently use its existing key to create this new AD account in its configuration -- or why can't I just generate a new key and use that? Is there currently just no key on this machine that is being used?

iis-7
windows-server-2008-r2
keys
asked on Server Fault Feb 4, 2011 by Kyle Brandt

2 Answers

6

I was able to resolve this by setting up IIS on a new machine. I then exported the keys from that machine, copied them over, and imported them into my existing IIS installs.

By replacing the <configProtectedData> on my existing machines with the one generated by the new machine, combined with the key import, I was then able to add a domain user without error.

Export Commands:

aspnet_regiis -px "iisConfigurationKey" "c:\exportedIISKey.xml" -pri
aspnet_regiis -px "iisWasKey" "c:\exportedWASKey.xml" -pri

Import Commands:

aspnet_regiis -pi "iisConfigurationKey" "c:\exportedIISKey.xml"
aspnet_regiis -pi "iisWasKey" "c:\exportedWASKey.xml"


answered on Server Fault Feb 8, 2011 by Kyle Brandt • edited Sep 5, 2013 by Community
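
To check whether this machine actually holds the keys its config refers to, the following added example (not part of the original answers) lists every provider in <configProtectedData> that names a key container and tries to open that container in the machine key store. It assumes the default applicationHost.config path, an elevated 64-bit PowerShell session, and RSA machine-level containers as handled by aspnet_regiis; Test-MachineKeyContainer is a helper name made up for this example.

```powershell
# Added example, not part of the original answers.
# Assumptions: default IIS config path; run from an elevated 64-bit PowerShell;
# Test-MachineKeyContainer is a helper name made up for this example.
param(
    [string]$ConfigPath = "$env:windir\System32\inetsrv\config\applicationHost.config"
)

function Test-MachineKeyContainer {
    param([string]$Name)
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $Name
    # UseExistingKey makes the open fail if the container is missing,
    # instead of silently creating a fresh key pair under that name.
    $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore -bor
                 [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
    try {
        $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider($csp)
        $rsa.PersistKeyInCsp = $true   # keep the container when the object is released
        $rsa.Clear()
        return 'present'
    } catch {
        # e.g. "Keyset does not exist" (never imported) or an access-denied error (ACL).
        return 'unusable: ' + $_.Exception.GetBaseException().Message
    }
}

[xml]$cfg = Get-Content -LiteralPath $ConfigPath
$xpath = '/configuration/configProtectedData/providers/add[@keyContainerName]'
$rows = foreach ($p in $cfg.SelectNodes($xpath)) {
    # GetAttribute avoids confusion with the XmlElement.Name property ("add").
    $container = $p.GetAttribute('keyContainerName')
    New-Object PSObject -Property @{
        Provider  = $p.GetAttribute('name')
        Container = $container
        Status    = Test-MachineKeyContainer $container
    }
}
$rows | Format-Table Provider, Container, Status -AutoSize
```

A container reported as unusable means the config refers to a key this machine does not have or cannot read. The XML files written by the export commands with -pri contain the RSA private keys, so remove them from both machines once the import has succeeded.
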
0

FYI, I am using Shared Configuration between two servers and got this error. It turned out one of the servers had gotten the configuration confused. I unchecked "use shared configuration", rechecked it, re-entered the shared config info, and it worked.

Hope this helps out someone else.

P.S. it wouldn't just let me comment on the original or I would have.

answered on Server Fault Jul 31, 2012 by Eric Hodges

User contributions licensed under CC BY-SA 3.0