While trying to set application pool identity in IIS Manager, I came across “Keyset does not exist” error. When I looked at the Event Viewer, I saw this message:
ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)
Solution for “Keyset does not exist” error (hresult:80090016)
This issue occurs when there is a problem with the machine keys. These keys are located at
There are three machine keys IIS uses for encryption. The first thing to check is if these files exist. If they don’t, you will need to reinstall IIS for the files to be recreated.
If the files exist in MachineKeys folder, check their security permissions. In my case, these files didn’t have owners.
After taking the ownership, I saw that only
IIS_IUSRS account was in the permission list. I added
DatabaseAdministrators group to the Security list. This brought back other required permissions as well. We were able to change application pool identity password afterwards.
Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.
If there is a huge amount of files (thousands of them) in the MachineKeys folder, there might be another issue. More details: Remove older files in MachineKeys folder