Issue: When we tried to open a SharePoint web app, we get error message Page cannot be displayed.
Error: In event ID we have seen error message:
IIS Admin Service service terminated with service-specific error 2148073478 (0x80090006)
Background: We had seen event ID 6482 in one of SharePoint servers which is saying that SSL certificate on one of web application has expired. Though we had not used SSL in any of our SharePoint webapp, but still we were getting SSL error message.
MS had suggested to work based on the KB http://support.microsoft.com/kb/962928 and renew self SSL on the web application; however this didn’t resolve the issue.
MS had suggested to follow the steps in another KB http://support.microsoft.com/kb/908572 to give Local Administrator rights to admin account at location \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA as Renew Self SSL were failing.
This did fix the issue of Event ID 6482 to fire in the event viewer but did lead to another issue which is point of discussion in this article.
We have seen after testing this fix what MS had suggested, it did break our testing and preproduction environment where were not able to start IIS service and getting the above error message.
Resolution:
To fix this issue and have IIS admin service running again was also challenging.
Based on one of steps to fix this issue MS has suggested to rename the MachineKeys folder at location \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys based on the KB https://support.microsoft.com/kb/908572.
It did fixed the issue however, when testing servers were rebooted (as a part of patching) the IIS Metabase was corrupt resulting in IIS Admin service did not start and all web application were inaccessible.
Anticipating this could result in serious issues to Production environment, we decided to take production servers out of patching schedule and re-opened the case with MS informing them the issue we are facing after the fix was implemented to resolve first problem.
We restored the old MachineKeys folder by renaming it to original name and deleted the newly created MachineKeys folder first in testing platforms.
During the testing in root to live we spotted that there were two services (Cryptographic Services and syslog-ng Agent Service) which were automatically creating the MachineKeys folder and was not letting us rename it.
Stopping these services allowed us to rename the MachineKeys folder and we were able to start IIS Admin and World Wide Web Publishing services in sys-test and Pre-production platforms.
Implemented the same steps in production servers, rebooted each server one at a time to check if any issues occurred post fix.
There was no disruption to the service and IIS web applications are working fine.
Applies to: SharePoint server 2010 and Windows Server 2008, IIS 7.
No comments:
Post a Comment