WELCOME >>
Home services products support
Saturday, February 04, 2012 ..:: Blogs » Brian Swanson ::.. Register  Login

IIS certificate request creation error

Jun 30

Written by: Brian Swanson
6/30/2008 11:49 AM 

I ran into a strange problem over the weekend...In our efforts to provide more credibility/security for our users we were in the process of getting a couple of SSL certificates for our sites.  As I normally would have done, I went to the IIS Manager, went into the site's properties, clicked on the Security tab, and used the wizard to attempt to create the certificate request.  The challenge was that after completing the wizard I was getting a very ambiguous "Access Denied" error.  After doing a bit of research with Google, I found the issue to be a security permissions issue on /Document and Settings/All Users/Application Data/Microsoft/Crypto/RSA/MachineKeys folder, or files in the folder.

Now, I only skimmed the page that pointed me to this issue, but basically the page said there was a permissions issue, and I should just delete the "MachineKeys" folder, and IIS will re-create it.  Great, did that, as expected the folder was re-created, and I was then able to generate the certificate request.

The problem was probably immediate, but I didn't notice/recognize it until about 30 minutes later.  I had several sites that were no longer started, and wouldn't start.  Ok, restart IIS, and it won't start up any more.  Check the logs, and the WWW publishing service won't start because one of it's dependencies was failing.  Investigate a bit further, and IIS admin service won't start....Hmmm that's interesting...I go into the Event Viewer, and track down the error code that IIS Admin service is throwing, and do a bit more Google research, and....OH NO...Apparently one of the files in the MachineKeys folder was a file that IIS used for encrypting/decrypting it's metabase...And you guessed it, you have to un-install and then re-install IIS to get things working again...

Now, this is no trivial task, we are running 100+ low-traffic sites on our server...Luckily I hadn't yet closed down IIS Manager from my previous work, so I could see the list of the sites, and was able to copy them down in a notepad file...After a couple hours of resetting up all the sites in IIS, and ensuring they were working as expected, we were back in business....

So learn from my lesson here...If you run into the "Access Denied" error when trying to generate a certificate request, fix the permissions issue...DO NOT delete the MachineKeys folder.

Trackback Print
Location: Blogs Brian Swanson IT Administrator
Tags:

Your name:
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Title:
Comment:
Security Code
Enter the code shown above in the box below
Add Comment   Cancel 





Copyright 2008 by Purple Ant LLC   Terms Of Use  Privacy Statement