IIS 7 and Above
Config Error Failed to decrypt attribute 'password'
Last post Dec 19, 2012 01:27 AM by Leo Tang - MSFT
Dec 17, 2012 03:01 PM|rpfinnimore|LINK
Our systems department "cloned" a windows 2008 virtual server hosting an IIS7 server with several .net applications using framework 4 so that I could use the new server as a development environment. When I got admin access to the new server I went into
manage user accounts and changed the IIS_OLDSERVERNAME user in the IIS_USRS group to IIS_NEWSERVERNANE then published the required projects from my client MS Visual Studio 2010 to the new server. The publish went fine which encouraged me, but...
When I try to access any of the sites on the new server I get and exception...
Dec 18, 2012 02:02 AM|lextm|LINK
The defintion of "clone" can lead to confusion.
The first IIS machine uses a unique key to encrype the password, so if you guys simply copied the encrypted configuration file to a second machine, no doubt it could not be decrypted,
Dec 18, 2012 01:47 PM|rpfinnimore|LINK
Hi Lex, Thanks a tonne for the help. Rather than have the two servers share configurations files and encryption key is it possible just to move the content of the original servers' ConfigEncKey.key to the new server? Or will this cause other issues down
the road? If my questions are dumbass please excuse I'm a bit new to this, Cheers, Roscoe
Dec 19, 2012 01:08 AM|lextm|LINK
If you don't want to use the above procedure, you might try to use Web Deploy to sync the two servers,
Dec 19, 2012 01:27 AM|Leo Tang - MSFT|LINK
You can manually export and import the keys from the original server.
Export using the following commands
aspnet_regiis -px "iisConfigurationKey" "D:\iisConfigurationKey.xml" -pri
aspnet_regiis -px "iisWasKey" "D:\iisWasKey.xml" –pri
And for the import use
aspnet_regiis -pi "iisConfigurationKey" "D:\iisConfigurationKey.xml"
aspnet_regiis -pi "iisWasKey" "D:\iisWasKey.xml"
Caution while xcopying IIS 7.0 config files
As Lextm mentioned, it is recommended that using Web Deployment Tool, you can create a package (settings and content) of the whole server / specific application and use it to deploy.