IWA Keyset does not exist
3 years ago
Article Number
000068084
Applies To

RSA Product Set: RSA SecurID Access
RSA Product/Service Type: Identity Router
O/S Version:

Issue
End users are unable to log in to their Application Portal or perform SSO login to applications with Integrated Windows Authentication (IWA). Logging in with a username and password succeeds, so the portal itself is not at fault.

With IWA, users see the error "Keyset does not exist" and the browser hangs on that page.
An error is also logged in the Event Viewer.

Cause
This problem occurs because the LOCAL SERVICE and IIS_IUSRS accounts do not have Full Control access on the MachineKeys folder, located at C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, and specifically on the iisWasKey file in the list below:

  File name                                Key
  6de9cb26d2b98c01ec4e9e8b34824aa2_GUID    iisConfigurationKey
  d6d986f09a1ee04e24c949879fdb506c_GUID    NetFrameworkConfigurationKey
  76944fb33636aeddb9590521c2e8815a_GUID    iisWasKey

Resolution

To resolve this problem, follow these steps:

  1. Locate the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
  2. Right-click the MachineKeys folder, and then select Properties.
  3. Select the Security tab, and then select Edit. If you're asked whether you want to continue the operation, select Continue. Then, the list of group names and user names that have access to this key file appears in the Permissions dialog box.
  4. Select Add. Then, the Select Users, Computers, Service Accounts, or Groups dialog box appears.
  5. Type LOCAL SERVICE, and then select Check Names.
  6. Select OK.
  7. Type IIS_IUSRS, and then select Check Names.
  8. Select OK.
  9. Make sure both accounts are granted Full Control.
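
A read-only PowerShell check for the condition described under Cause, added here as an example and not part of the RSA article: it reports whether LOCAL SERVICE and the built-in IIS_IUSRS group hold a Full Control allow entry on the MachineKeys folder and on the three key files. The helper name Test-FullControl is hypothetical, and the two SIDs are the well-known values for those principals.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
# Folder path, file-name prefixes and key names are the ones listed in the article.
$keyDir = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
$keyFiles = [ordered]@{
    '6de9cb26d2b98c01ec4e9e8b34824aa2_' = 'iisConfigurationKey'
    'd6d986f09a1ee04e24c949879fdb506c_' = 'NetFrameworkConfigurationKey'
    '76944fb33636aeddb9590521c2e8815a_' = 'iisWasKey'
}
# Well-known SIDs, so the check does not depend on localized account names.
$principals = [ordered]@{
    'LOCAL SERVICE' = 'S-1-5-19'
    'IIS_IUSRS'     = 'S-1-5-32-568'
}
$full = [int][System.Security.AccessControl.FileSystemRights]::FullControl

# Hypothetical helper: true when an Allow entry naming this SID (explicit or
# inherited) carries Full Control. Access gained through other groups is not counted.
function Test-FullControl {
    param([string]$Path, [string]$Sid)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($rule.IdentityReference.Value -eq $Sid -and
            $rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.FileSystemRights) -band $full) -eq $full) {
            return $true
        }
    }
    return $false
}

# Collect the folder itself plus whichever of the three key files exist.
$targets = @([pscustomobject]@{ Key = '(MachineKeys folder)'; Path = $keyDir })
foreach ($prefix in $keyFiles.Keys) {
    foreach ($f in Get-ChildItem -LiteralPath $keyDir -File -Force -Filter "$prefix*") {
        $targets += [pscustomobject]@{ Key = $keyFiles[$prefix]; Path = $f.FullName }
    }
}

# One row per item and principal; FullControl = False is what the Resolution steps address.
$report = foreach ($t in $targets) {
    foreach ($name in $principals.Keys) {
        [pscustomobject]@{
            Key         = $t.Key
            Item        = Split-Path -Leaf $t.Path
            Principal   = $name
            FullControl = Test-FullControl -Path $t.Path -Sid $principals[$name]
        }
    }
}
$report | Format-Table -AutoSize
```

Running it before and after the Resolution steps shows which entries changed.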