Solve IIS application pool identity keyset does not exist error with clear steps to restore machine keys, repair configs, and avoid reinstalling IIS.  Our Live Support Team is always here to help you.

The IIS Application Pool Identity Keyset Does Not Exist Problem Explained

Many administrators run into the dreaded message: iis application pool identity keyset does not exist. It usually appears when trying to update the application pool identity with a custom account or when specifying a “connect as” user in site settings. Instead of guessing, let’s go through why this happens and how to correct it without wasting time.

Why this error shows up

The error often comes with codes like:

• 0x8009000D
• 0x80090016
• 0x80090005

At its core, the problem happens because IIS relies on machine keys for encryption. These keys can go missing or become corrupt due to improper shutdowns, server cloning, or crashes. Once that happens, encryption and decryption of sensitive data break, leading to the iis application pool identity keyset does not exist error.

The keys live in:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

For IIS 7 and above, three specific keys are critical:

• 6de9cb26d2b98c01ec4e9e8b34824aa2_GUID → iisConfigurationKey
• d6d986f09a1ee04e24c949879fdb506c_GUID → NetFrameworkConfigurationKey
• 76944fb33636aeddb9590521c2e8815a_GUID → iisWasKey

In older IIS 6.0 setups, the key c2319c42033a5ca7f44e731bfd3fa2b5_GUID is used.

If any of these are out of sync with IIS configs, you’ll see the error when using custom accounts. Accounts like Local System, IIS_IUSRS or Network Service don’t fail because they don’t need password encryption (NTFS permissions).

Safeguard your configuration

Before touching anything, it’s smart to back up IIS. Install Web Deploy from:

http://www.iis.net/downloads/microsoft/web-deploy

After installation, open inetmgr and export the server package:

• Click Export server package at the root node.
• Under Advanced Settings, set an encryption password and keep it safe.
• Save the zip file.

To restore later, simply import the package and provide the password.

How to repair the machine keys

Now let’s move to the repair process. This method often resolves this issue without reinstalling IIS.

First, go to:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\

Rename or move these files:

• 6de9cb26d2b98c01ec4e9e8b34824aa2_GUID
• d6d986f09a1ee04e24c949879fdb506c_GUID
• 76944fb33636aeddb9590521c2e8815a_GUID

Next, backup applicationHost.config. Inside this file, clear everything between:

<configProtectedData>

<providers>

...

</providers>

</configProtectedData>

After that, open Command Prompt as administrator and run:

"%windir%\system32\inetsrv\iissetup.exe /install SharedLibraries"

This will regenerate the machine keys and rebuild the <configProtectedData> section automatically.

[If needed, Our team is available 24/7 for additional assistance.]

Conclusion

If the issue persists even after these actions, the last option is a full IIS reinstall. However, most administrators find that regenerating the keys as shown above restores normal function and resolves the iis application pool identity keyset does not exist problem effectively.