7

When trying to assign a domain account to an IIS 7.5 app pool I get the following error:

Details: Bad Data. (Exception from HRESULT: 0x80090005)

My research shows that this can happen when you copy an applicationhost.config file without importing the keys. The suggested resolution I have seen is to uninstall IIS and rebuild it from scratch (http://forums.iis.net/t/1160895.aspx). I am not sure which machine the config came from, so the original would be lost by now.

I am reluctant to rebuild IIS without better understanding the issue. My understanding so far is that the private key (Somewhere in IIS?) is used to encrypt the credentials of the AD account. So why can't IIS currently use its existing key to create this new AD account in its configuration -- or why can't I just generate a new key and use that? Is there currently just no key on this machine that is being used?

Kyle Brandt
  • I think if you are going to repair your broken container the aspnet_regiis tool might be the tool you need. See http://msdn.microsoft.com/en-us/library/k6h9cz8h(v=vs.80).aspx, the section on creating public/private.. you can also export/import from another machine. I'd also take a look at the section of your applicationhost.config -- perhaps it can be removed and then re-copied. – beans Feb 04 '11 at 01:29
  • @Ben: That section isn't there ... maybe that is why it can't create it. I can however export the key, think if I re-import it then it will rebuild that section? – Kyle Brandt Feb 04 '11 at 16:38
  • I honestly don't know.. this is out of my ability to reproduce right now, otherwise I'd be happy to get you some results. – beans Feb 04 '11 at 16:50
  • Oh this looks promising http://forums.iis.net/p/1160389/1915020.aspx#1915020 – Kyle Brandt Feb 04 '11 at 17:15
  • Damn, get the same `C:\Windows\System32\inetsrv>%windir%\system32\inetsrv\iissetup.exe /install SharedLibraries Failed = 0x80070005 error` as stated by victor in the last message of that iis forum thread. – Kyle Brandt Feb 04 '11 at 17:43
  • Progress! I created a new instance on another machine, exported the keys and protected data sections, and can now set the user...not sure how exporting this config will go though – Kyle Brandt Feb 04 '11 at 18:15

2 Answers

6

I was able to resolve this by setting up IIS on a new machine. I then exported the keys from that machine, then copied and imported them to my existing IIS installs.

By replacing the `<configProtectedData>` on my existing machines with the one generated by the new machine, combined with the key import, I was then able to add a domain user without error.

Export Commands:

```
aspnet_regiis -px "iisConfigurationKey" "c:\exportedIISKey.xml" -pri
aspnet_regiis -px "iisWasKey" "c:\exportedWASKey.xml" -pri
```

Import Commands:

```
aspnet_regiis -pi "iisConfigurationKey" "c:\exportedIISKey.xml"
aspnet_regiis -pi "iisWasKey" "c:\exportedWASKey.xml"
```


Kyle Brandt
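
An added example, not part of the original answer: a PowerShell check that lists which key container each `<configProtectedData>` provider references, so the section copied from the new machine can be compared with the keys that were imported. The function name, the sample XML and its placeholder values are constructed for illustration, and the default config path in the last comment is an assumption.

```powershell
# Added example, not from the original post.
# Lists the providers in <configProtectedData> and the RSA key container each
# one depends on, so the section can be compared with the imported keys.
function Get-IisProtectedDataProvider {    # hypothetical helper name
    param([Parameter(Mandatory)][string]$ConfigXml)

    $doc = [xml]$ConfigXml
    $section = $doc.SelectSingleNode('/configuration/configProtectedData')
    if ($null -eq $section) {
        # Case from the comment thread: the section is not there at all.
        Write-Warning '<configProtectedData> section is missing'
        return
    }
    foreach ($p in $section.SelectNodes('providers/add')) {
        [pscustomobject]@{
            Provider      = $p.GetAttribute('name')
            KeyContainer  = $p.GetAttribute('keyContainerName')
            HasSessionKey = [bool]$p.GetAttribute('sessionKey')
        }
    }
}

# Constructed sample, trimmed to the attributes the check reads.
$sample = @'
<configuration>
  <configProtectedData>
    <providers>
      <add name="IISWASOnlyRsaProvider" keyContainerName="iisWasKey" useMachineContainer="true" />
      <add name="AesProvider" keyContainerName="iisConfigurationKey" sessionKey="CONSTRUCTED-PLACEHOLDER" />
      <add name="IISWASOnlyAesProvider" keyContainerName="iisWasKey" sessionKey="CONSTRUCTED-PLACEHOLDER" />
    </providers>
  </configProtectedData>
</configuration>
'@

# Containers imported with "aspnet_regiis -pi" in the answer above.
$imported = 'iisConfigurationKey', 'iisWasKey'

Get-IisProtectedDataProvider -ConfigXml $sample |
    Select-Object *, @{ Name = 'KeyImported'; Expression = { $imported -contains $_.KeyContainer } } |
    Format-Table -AutoSize

# A config without the section only produces the warning.
Get-IisProtectedDataProvider -ConfigXml '<configuration />'

# Against a real server (assumed default path):
# Get-IisProtectedDataProvider -ConfigXml (Get-Content -Raw "$env:windir\System32\inetsrv\config\applicationHost.config")
```

The XML files written by `aspnet_regiis -px ... -pri` contain the private keys, so delete them from both machines once the import has succeeded.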
0

FYI, I am using Shared Configuration between two servers and got this error. It turned out one of the servers had gotten the configuration confused. I unchecked "Use shared configuration", rechecked it, re-entered the shared config info, and it worked.

Hope this helps out someone else.

P.S. it wouldn't just let me comment on the original or I would have.