When I tried to set Physical Path Credentials in the Advanced Settings, I've got an error message as follows:
Internet Information Services (IIS) Manager
Bad Data. (Exception from HRESULT: 0x80090005)
And it prevents me to set specific user to access network shared folder.
Strangely, I have another server with same configuration, it works fine but this one raised the error. Any idea?
if you copied over the applicationhost.config, you need to export and import also accounts encrypted through WAS.
What i did (taken from here):
Export:
aspnet_regiis -px "iisConfigurationKey" "D:\iisConfigurationKey.xml" -pri
aspnet_regiis -px "iisWasKey" "D:\iisWasKey.xml" -pri
Import:
aspnet_regiis -pi "iisConfigurationKey" "D:\iisConfigurationKey.xml"
aspnet_regiis -pi "iisWasKey" "D:\iisWasKey.xml"
then copy again the applicationhost.config working again!
I have seen that problem when the encryption keys have been misconfigured, usually because an ApplicationHost.config was copied from a different machine (without importing the encryption keys) or the encryption keys have been override incorrectly.
The reason you get that error is because whenever a password is stored (such as a virtual directory user/pwd) it is stored using encryption and that will cause it to fail.
Thanks to a good answer by Mathieu Chateau, I discovered that the applicationHost.config file can be edited manually to avoid the need to export and import the machine key used for the encoding. I just manually set all the app pool identities to the default app pool identity like so:
<add name="local.com">
<processModel identityType="ApplicationPoolIdentity" loadUserProfile="true" setProfileEnvironment="false" />
</add>
I refreshed the list of app pools in the IIS manager UI, and all seemed to work just fine, including the ability to edit the app pool settings for another identity. I would expect that any other change to the properties would work fine as well.
Simple fix for me: If you are using a shared configuration for IIS, re-add the user credentials for the network location where the applicationHost file is shared. This will remove the previously encrypted credentials from the config file and replace it with the updated one.
You can also remove the encrypted field from the applicationHost file manually, e.g:
<add name="site.com" autoStart="true" enable32BitAppOnWin64="true" managedRuntimeVersion="v4.0" startMode="AlwaysRunning">
<processModel identityType="SpecificUser" userName=".\username" password="[enc:IISWASOnlyAesProvider:IIasdfasd225223xxx:enc]" />
</add>
