While trying to set application pool identity in IIS Manager, I came across “Keyset does not exist” error. When I looked at the Event Viewer, I saw this message:
ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)
Solution for “Keyset does not exist” error (hresult:80090016)
This issue occurs when there is a problem with the machine keys. These keys are located at
There are three machine keys IIS uses for encryption. The first thing to check is if these files exist. If they don’t, you will need to reinstall IIS for the files to be recreated.
If the files exist in MachineKeys folder, check their security permissions. In my case, these files didn’t have owners.
After taking the ownership, I saw that only
IIS_IUSRS account was in the permission list. I added
DatabaseAdministrators group to the Security list. This brought back other required permissions as well. We were able to change application pool identity password afterwards.
Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post. It recommends recreating the IIS machine keys in the MachineKeys folder and related entries in the applicationHost.config file by following the steps below:
1) Rename the below files or move it to a different location from C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ 6de9cb26d2b98c01ec4e9e8b34824aa2_GUID iisConfigurationKey d6d986f09a1ee04e24c949879fdb506c_GUID NetFrameworkConfigurationKey 76944fb33636aeddb9590521c2e8815a_GUID iisWasKey 2) Backup applicationhost.config, then delete everything inside the tags below in applicationhost.config. Delete the contents within <configProtectedData> or <providers>. <configProtectedData> <providers> ... </providers> </configProtectedData> 3) Open a command prompt in admin mode and run the below command "%windir%\system32\inetsrv\iissetup.exe /install SharedLibraries"
Note: If running the “iissetup.exe /install SharedLibraries” command returns 0x8007005 error, it means your user account doesn’t have the required permissions. This may happen even though the account’s AD group is in the local Administrators group and you open Command Prompt as Administrators. It’s likely that this account is lacking specific permission to complete this operation. Please try with another Administrator account.
If there is a huge amount of files (thousands of them) in the MachineKeys folder, there might be another issue. More details: Remove older files in MachineKeys folder
1 thought on “Failed to commit configuration changes. Keyset does not exist (80090016)”
This was a huge help, thanks!!!!!