Thursday, November 13, 2008 1:19 PM
This morning I received a request regarding one of our production critical servers that is STILL running on IIS 5 (i know, i know). Apparently IIS had "disappeared" as one of the other techs here put it. Well it didn't exactly disappear, but it sure got hosed.
I logged into the box, and when I attempted to run InetManager I received the following error:
"The specified handle is invalid. Do you want to continue to connect in the future?"
I then noticed that the WWW service wasn't running, so when I attempted to start it I got another not so nice error:
"Could not start the World Wide Web Publishing Service on Local Computer.
Error 1008: An attempt was made to reference a token that does not exist."
Needless to say, errors like this on an IIS 5 server are not how I like to start my day. Now I had actually seen this behavior in the past on other IIS 5 boxes, and after unsuccessfully attempting to restore the metabase, I ended up having to just reinstall IIS and manually reconfigure the apps. This time though, I did a little more research and came across
THIS article which described my symptoms to a tee . Note that I am not running SMS 2003 as the article mentions.
The thought of deleting and renaming machine keys made me a little nervous, but then I thought screw it, lets see if this works. I followed the steps in the article exactly and to my great relief the WWW service started right up afterwards! I did run into one problem though once I got IIS back up and running. Apparently messing with the machine keys jacks up your SSL settings, so if you are using SSL on any of your web apps on the affected server, you will probably have to follow these steps like I did.
After doing everything in the article I was able to hit my websites now over http with no problem. But when I attempted to hit the one site using SSL over https I received a "Page Cannot be displayed." I checked out the System log and saw a ton of entries like this:
"A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016. "
The fix for this was pretty simple. I just had to open up the remove the cert from my website in IIS, open the Certificates snap-in within an MMC, delete the certificate, and then re-import it and assign it to my site. Luckily I had a copy of the .pfx handy so getting it re-applied was not an issue.
I hope this info has helped someone. Hopefully this will serve as a kick in the ass to our product teams to listen to us when we say we've got to get these apps off of IIS 5 ASAP!
