I am setting up a second asp.net site on our Windows 2008 R2 server. We use a RSA Key Container to encrypt our connection strings. I created a new Application Pool with all the same settings as our Default Application Pool that is supporting our current site, including using the same user account for the identity. When I try to access the new site I get the following error: The RSA key container could not be opened
If I change the new website to use our Default Application Pool it works. So I try and give the user account in the new Application Pool access to the RSA Key Container using the following command in an Administrator Command Prompt:
aspnet_regiis -pa "KeyContainerName" "dmz\UserName"
I get the following error: The RSA key container was not found.
I run the following command to install the key container:
aspnet_regiis -pi "KeyContainerName" "c:\keys.xml"
I get the following error: Object already exists
I try and run the following command to delete the key container:
aspnet_regiis -pz "KeyContainerName"
I get this error: The RSA key container was not found. Failed!
So I am completely baffled, one command tells me it already exists which makes sense because I know our one website is using it, but when I tried to delete it tells me it doesn't exist. It works for one app pool but not for a new app pool using the exact same identity? I did this exact same setup on 12 other servers and they all worked fine.
Best Answer
I have had something similar.
If the account you are using does not have permission to the key container then when you try to grant permission to it (
aspnet_regiis -pa "KeyContainerName" "dmz\UserName") you get the Key Container not found error. However the key does exist; hence, the error when you try to re-create it.This would mean that the key was created by a different account.
If you can log on as that account you can then do
to grant your own account control of the key. I would suggest setting up a KeyAdministrators NT group and granting access to that and getting yourself in the group.