Home » Remove older files in MachineKeys folder

Remove older files in MachineKeys folder

MachineKeys folder stores certificate keys that are used by IIS and Internet Explorer. Because of a permission or application code related issue, this folder may fill up with thousands of files in a short time.

The permanent solution is to correct permissions or fix the code so that the certificate keys in this folder are automatically removed. However, if the permanent fix is taking long time, you will need a practical way of removing old files from this folder.

Run the following command in Command Prompt to remove files older than 90 days in the MachineKeys folder (Make sure to open Command Prompt as Administrator).

ForFiles /p "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /s /d -90 /c "cmd /c del @file /F /A:S"
MachineKeys folder clean-up
MachineKeys folder clean-up

Why is MachineKeys older filling up?

There are four common reasons why the files in the MachineKeys folder are not automatically removed:

  • There is a permission issue that is preventing OS to remove files from that folder. Compare the folder permissions with the ones listed in this document
  • There is a code related issue. The application is not removing X.509 certificates once it uses them for communication. More details
  • A security software might be performing SSL check and causing these files to persist. Try disabling this software
  • Enterprise CA might be failing to respond the request. Check Event Viewer logs for the failed requests

If a file in MachineKeys is corrupted, check this post for solution: Service-specific error code -2146893818 (Event 7024 Invalid Signature)

When there is a permission issue on MachineKeys folder, you may run into Schannel errors as well. Here are the step-by-step instructions to solve Schannel 10013 error: https://port135.com/2018/11/24/schannel-the-internal-error-state-is-10013-solved/

Leave a Comment