Config Error Failed to decrypt attribute 'password'  [Answered]RSS

4 replies

Last post Dec 19, 2012 01:27 AM by Leo Tang - MSFT

  • Config Error Failed to decrypt attribute 'password'

    Dec 17, 2012 03:01 PM|rpfinnimore|LINK

    Our systems department "cloned" a windows 2008 virtual server hosting an IIS7 server with several .net applications using framework 4 so that I could use the new server as a development environment.  When I got admin access to the new server I went into manage user accounts  and changed the IIS_OLDSERVERNAME user in the IIS_USRS group to IIS_NEWSERVERNANE then published the required projects from my client MS Visual Studio 2010 to the new server.  The publish went fine which encouraged me, but...

    When I try to access any of the sites on the new server I get and exception...

    HTTP Error 500.19 - Internal Server Error

    The requested page cannot be accessed because the related configuration data for the page is invalid.

    <div>...with the specific config error being...</div> <div> </div> <div>
    Config Error Failed to decrypt attribute 'password'
    </div> <div> </div> <div>...which I read is likely due to the key being used to decrypt the password on the new server is different that the key on the old server.  How can I make the decryption key the same on both servers ?</div> <div> </div> <div>Thanks much for any help, Roscoe</div>
  • Re: Config Error Failed to decrypt attribute 'password'

    Dec 18, 2012 02:02 AM|lextm|LINK

    The defintion of "clone" can lead to confusion.

    The first IIS machine uses a unique key to encrype the password, so if you guys simply copied the encrypted configuration file to a second machine, no doubt it could not be decrypted,

    http://technet.microsoft.com/en-us/library/cc753268(v=ws.10).aspx

    Lex Li
    IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Config Error Failed to decrypt attribute 'password'

    Dec 18, 2012 01:47 PM|rpfinnimore|LINK

    Hi Lex, Thanks a tonne for the help.  Rather than have the two servers share configurations files and encryption key is it possible just to move the content of the original servers' ConfigEncKey.key to the new server?  Or will this cause other issues down the road?  If my questions are dumbass please excuse I'm a bit new to this, Cheers, Roscoe

  • Re: Config Error Failed to decrypt attribute 'password'

    Dec 19, 2012 01:08 AM|lextm|LINK

    If you don't want to use the above procedure, you might try to use Web Deploy to sync the two servers,

    http://www.iis.net/learn/publish/using-web-deploy/synchronize-iis

    Lex Li
    IIS Consulting Services at https://support.lextudio.com/services/consulting.html
    ---------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
  • Re: Config Error Failed to decrypt attribute 'password'

    Dec 19, 2012 01:27 AM|Leo Tang - MSFT|LINK

    Hi,

    You can manually export and import the keys from the original server.

    Export using the following commands

    aspnet_regiis -px "iisConfigurationKey" "D:\iisConfigurationKey.xml" -pri

    aspnet_regiis -px "iisWasKey" "D:\iisWasKey.xml" –pri

    And for the import use

    aspnet_regiis -pi "iisConfigurationKey" "D:\iisConfigurationKey.xml"

    aspnet_regiis -pi "iisWasKey" "D:\iisWasKey.xml"

    Caution while xcopying IIS 7.0 config files

    http://blogs.iis.net/webtopics/archive/2009/03/15/caution-while-xcopying-iis-7-0-config-files.aspx

    As Lextm mentioned, it is recommended that using Web Deployment Tool,  you can create a package (settings and content)  of the whole server / specific application and use it to deploy.

    Thanks.

    Please mark the replies as answers if they help or unmark if not.
    Feedback to us