Skip to main content

Service-specific error code -2146893818 (Event 7024 Invalid Signature)

IIS Admin Service enables the administration of IIS metabase which stores the configuration of SMTP and FTP services. If you see this service stopped in the Services window, it means that the server is unable to configure SMTP or FTP.

When you try to start IIS Admin Service, you may come across this error message:

Windows could not start the IIS Admin Service on Local Computer. For more information, review the System Event log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146893818.

If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2146893818.

The Event Viewer also records an error similar to the message above:

Event 7024
The IIS Admin Service service terminated with the following service-specific error: Invalid Signature


Event 7024 The IIS Admin Service service terminated with the following service-specific error: Invalid Signature

Root Cause

Service-specific error code -2146893818” occurs when the machine key that is used for decryption/encryption is corrupted. You will probably see numerous Schannel errors because of this corrupted file.

Go to MachineKeys folder (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys) and check the Last Modified Date of the file that has a name starting with c23. If the date is newer than the date IIS server is installed, it means something (an update or installation) caused this file to change and get corrupted.

If you are trying to manage IIS with a non-admin account, check this post out: How to manage IIS locally with a non-admin account?

Solution for 2146893818 error (Event 7024 Invalid Signature)

Follow the possible solutions below in the given order to fix this issue.

Restore the machine key

If you have a backup of the machine key starting with c23, restore it to the MachineKeys folder.

Some resources also mention restoring the Metabase.XML and MBSchema.XML from the History folder (C:\Windows\System32\Inetsrv\History)

Reinstall IIS 6 Metabase Compatibility

If the restore option didn’t work, follow the steps below to reinstall IIS 6 Metabase Compatibility feature. This feature recreates a machine key so that IIS Admin Service should start successfully afterwards.

  1. Remove the machine key starting with c23 from the MachineKeys folder (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys)
  2. Uninstall IIS 6 Metabase Compatibility (Server Manager > Manage > Remove Roles and Features)
  3. Restart the server

After restarting the server, install IIS 6 Metabase Compatibility (Server Manager > Manage > Add Roles and Features). Make sure that the machine key with c23 name is created.

Go to Services window. IIS Admin Service should already running.

Check permissions

If IIS Admin Service is still not starting, check the permissions of the MachineKey folder. Make sure that Administrators and System both have Full Control permissions.

References:

After implementing and testing the solution, you may come across an error mentioning IIS Admin Service while restarting IIS. Here is the solution: Restart attempt failed. The IIS Admin Service or the World Wide Web Publishing Service, or a service dependent on them failed to start

The Most Functional and Compact Toiletry Bag

Leave a Reply

Your email address will not be published. Required fields are marked *