Home » Failed to commit configuration changes. Keyset does not exist (80090016)

Failed to commit configuration changes. Keyset does not exist (80090016)

While trying to set application pool identity in IIS Manager, I came across “Keyset does not exist” error. When I looked at the Event Viewer, I saw this message:

ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)

Solution for “Keyset does not exist” error (hresult:80090016)

This issue occurs when there is a problem with the machine keys. These keys are located at C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

There are three machine keys IIS uses for encryption. The first thing to check is if these files exist. If they don’t, you will need to reinstall IIS for the files to be recreated.

6de9cb26d2b98c01ec4e9e8b34824aa2_GUIDiisConfigurationKey
d6d986f09a1ee04e24c949879fdb506c_GUIDNetFrameworkConfigurationKey
76944fb33636aeddb9590521c2e8815a_GUIDiisWasKey
Machine key files used by IIS

If the files exist in MachineKeys folder, check their security permissions. In my case, these files didn’t have owners.

hresult:80090016 Failed to commit configuration changes. Keyset does not exist

After taking the ownership, I saw that only IIS_IUSRS account was in the permission list. I added DatabaseAdministrators group to the Security list. This brought back other required permissions as well. We were able to change application pool identity password afterwards.

Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.

If there is a huge amount of files (thousands of them) in the MachineKeys folder, there might be another issue. More details: Remove older files in MachineKeys folder

Categories IIS

Leave a Comment