Issue


Tried to open a SharePoint web app and got error message: Page cannot be displayed.
 

Error


In event ID was this error message as below, 

IIS Admin Service service terminated with service-specific error 2148073478 (0x80090006)

Background


Saw event ID 6482 in one of the SharePoint servers which is saying that SSL certificate on one web application has expired. SSL was not used in any SharePoint web app, but still getting SSL error message.

Microsoft suggested work based on the KB article http://support.microsoft.com/kb/962928 and renew self SSL on the web application. This didn’t resolve the issue.

Microsoft had suggested to follow the steps in another KB article http://support.microsoft.com/kb/908572 to give Local Administrator rights to Admin account at location \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA as Renew Self SSL were failing.

This did fix the issue of Event ID 6482 to fire in the event viewer but did lead to another issue which is point of discussion in this article.

After testing the fix MS had suggested, it did break the testing and preproduction environment where IIS service was not able to start and the above error message showed.

Resolution


To fix this issue and have IIS admin service running again was also challenging.

Based on one of steps to fix this issue Microsoft has suggested to rename the MachineKeys folder at location \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys based on the KB article https://support.microsoft.com/kb/908572.

It did fixed the issue. However, when testing servers were rebooted (as a part of patching) the IIS Metabase was corrupt resulting in IIS Admin service not starting and all web applications being inaccessible.  

Anticipating this could result in serious issues to production environment. The net step was to take production servers out of patching schedule and re-open the case with Microsoft informing them of the issue after the fix was implemented to resolve first problem.

Restored the old MachineKeys folder by renaming it to original name and deleted the newly created MachineKeys folder first in testing platforms.

During the testing in root to live spotted that there were two services (Cryptographic Services and syslog-ng Agent Service) which were automatically creating the MachineKeys folder and was not letting a rename.

Stopping these services allowed a rename of the MachineKeys folder. Able to start IIS Admin and World Wide Web Publishing services in sys-test and Pre-production platforms.   

Implemented the same steps in production servers, rebooted each server one at a time to check if any issues occurred post fix.  

There was no disruption to the service and IIS web applications are working fine.   

Reference


http://blogs.msdn.com/b/saurabh_singh/archive/2007/08/02/iisadmin-startup-issues.asp

Applies to


SharePoint server 2010 and Windows Server 2008, IIS 7.