I have IIS version 10 installed on Windows 10 Pro Version 1709, build 16299.125.
After a Windows update, IIS stopped working. I saw that W3SVC isn't working, because WAS (Windows Process Activation Service) can't be started. When I try to start WAS, Windows display the message:
Windows can't start Windows Process Aplication Service on Local Computer. Error 13: The data are invalid
Looking at Windows Event Log, I see that WAS didn't started due event ID 5005, 5215 and Service Control Manager stopped due event ID 7023.
I did some research and tried a lot of stuff:
I tried the commands as suggested here https://stackoverflow.com/a/39969350/9146236
This is the IIS log:
[12/26/2017 17:36:37] [ ***** IIS 10.0 Component Based Setup ***** ]
[12/26/2017 17:36:37] .\inetsrv\iissetup.exe /install SharedLibraries /nano
[12/26/2017 17:36:37] Setting Installation Type to Nano
[12/26/2017 17:36:37] Successfully added IIS_IUSRS ACE to DACL at %ProgramData%\Microsoft\Windows\WER\ReportQueue.
[12/26/2017 17:36:38] < !!FAIL!! > Failed to create the NetFrameworkConfigurationKey key container (result=0x8009000f)
[12/26/2017 17:36:38] < !!FAIL!! > Install of component SharedLibraries result=0x8009000f
[12/26/2017 17:36:38] < !!FAIL!! > COMPONENT::ExecuteCommand result=0x8009000f
[12/26/2017 17:36:38] [ End of IIS 10.0 Component Based Setup ]
I executed Process Monitor and got some info about WAS and inetsrv:
17:36:37,8212043 conhost.exe 10620 FASTIO_NETWORK_QUERY_OPEN C:\WINDOWS\inetsrv\iissetup.exe \install SharedLibraries \nano FAST IO DISALLOWED
17:36:37,8212488 conhost.exe 10620 IRP_MJ_CREATE C:\WINDOWS\inetsrv\iissetup.exe \install SharedLibraries \nano PATH NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
and:
18:15:01,5512834 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\StartOverride NAME NOT FOUND Desired Access: Query Value
18:15:01,5512974 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Start SUCCESS Type: REG_DWORD, Length: 4, Data: 2
18:15:01,5513106 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Start SUCCESS Type: REG_DWORD, Length: 4, Data: 2
18:15:01,5513231 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ErrorControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
18:15:01,5513423 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ServiceAccountManaged NAME NOT FOUND Length: 16
18:15:01,5513567 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Tag NAME NOT FOUND Length: 16
18:15:01,5513702 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\DependOnService SUCCESS Type: REG_MULTI_SZ, Length: 14, Data: RPCSS
18:15:01,5513853 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\DependOnGroup NAME NOT FOUND Length: 268
18:15:01,5513984 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Group NAME NOT FOUND Length: 268
18:15:01,5514261 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:01,5514382 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ObjectName SUCCESS Type: REG_SZ, Length: 24, Data: LocalSystem
18:15:01,5514521 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:01,5536911 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:01,5537284 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ImagePath SUCCESS Type: REG_EXPAND_SZ, Length: 82, Data: %windir%\system32\svchost.exe -k iissvcs
18:15:01,5537600 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:01,5537823 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Type SUCCESS Type: REG_DWORD, Length: 4, Data: 32
18:15:01,5538039 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\StartOverride NAME NOT FOUND Desired Access: Query Value
18:15:01,5538226 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Start SUCCESS Type: REG_DWORD, Length: 4, Data: 2
18:15:01,5538653 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Start SUCCESS Type: REG_DWORD, Length: 4, Data: 2
18:15:01,5539450 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ErrorControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
18:15:01,5539612 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ServiceAccountManaged NAME NOT FOUND Length: 16
18:15:01,5539751 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Tag NAME NOT FOUND Length: 16
18:15:01,5539893 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\DependOnService SUCCESS Type: REG_MULTI_SZ, Length: 14, Data: RPCSS
18:15:01,5540060 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\DependOnGroup NAME NOT FOUND Length: 268
18:15:01,5540468 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Group NAME NOT FOUND Length: 26818:15:03,2385240 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2385446 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ImagePath SUCCESS Type: REG_EXPAND_SZ, Length: 82, Data: %windir%\system32\svchost.exe -k iissvcs
18:15:03,2385633 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2385750 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Type SUCCESS Type: REG_DWORD, Length: 4, Data: 32
18:15:03,2385854 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\StartOverride NAME NOT FOUND Desired Access: Query Value
18:15:03,2385945 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Start SUCCESS Type: REG_DWORD, Length: 4, Data: 2
18:15:03,2386025 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Start SUCCESS Type: REG_DWORD, Length: 4, Data: 2
18:15:03,2386100 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ErrorControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
18:15:03,2386170 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ServiceAccountManaged NAME NOT FOUND Length: 16
18:15:03,2386239 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Tag NAME NOT FOUND Length: 16
18:15:03,2386313 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\DependOnService SUCCESS Type: REG_MULTI_SZ, Length: 14, Data: RPCSS
18:15:03,2386393 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\DependOnGroup NAME NOT FOUND Length: 268
18:15:03,2386465 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Group NAME NOT FOUND Length: 268
18:15:03,2386641 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:03,2386715 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ObjectName SUCCESS Type: REG_SZ, Length: 24, Data: LocalSystem
18:15:03,2386888 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS 18:15:03,2653344 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2653643 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\FailureActions SUCCESS Type: REG_BINARY, Length: 44, Data: 80 51 01 00 01 00 00 00 01 00 00 00 03 00 00 00
18:15:03,2653871 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:03,2653989 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2654100 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ImagePath SUCCESS Type: REG_EXPAND_SZ, Length: 82, Data: %windir%\system32\svchost.exe -k iissvcs
18:15:03,2654259 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:03,2654436 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2654637 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\SvcHostSplitDisable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
18:15:03,2654801 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:03,2655908 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2656137 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\ObjectName SUCCESS Type: REG_SZ, Length: 24, Data: LocalSystem
18:15:03,2656275 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:03,2679162 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2679292 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Environment NAME NOT FOUND Length: 268
18:15:03,2679395 services.exe 668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS
18:15:03,2813183 csrss.exe 452 IRP_MJ_CREATE C:\Windows\System32\svchost.exe.Config NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: AUTORIDADE NT\SISTEMA
18:15:03,2816062 services.exe 668 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS SUCCESS Desired Access: Read
18:15:03,2816175 services.exe 668 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\RequiredPrivileges BUFFER OVERFLOW Length: 268
18:15:03,3401656 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ServiceDll SUCCESS Type: REG_EXPAND_SZ, Length: 78, Data: %windir%\system32\inetsrv\iisw3adm.dll
18:15:03,3401959 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ServiceManifest NAME NOT FOUND Length: 144
18:15:03,3402112 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ServiceMain NAME NOT FOUND Length: 144
18:15:03,3403389 svchost.exe 9232 FASTIO_NETWORK_QUERY_OPEN C:\Windows\System32\inetsrv\iisw3adm.dll FAST IO DISALLOWED
18:15:03,3404363 svchost.exe 9232 IRP_MJ_CREATE C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
18:15:03,3404750 svchost.exe 9232 FASTIO_QUERY_INFORMATION C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS Type: QueryBasicInformationFile, CreationTime: 29/09/2017 11:43:11, LastAccessTime: 30/09/2017 13:20:35, LastWriteTime: 30/09/2017 13:20:35, ChangeTime: 12/12/2017 19:37:41, FileAttributes: A
18:15:03,3404911 svchost.exe 9232 IRP_MJ_CLEANUP C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS
18:15:03,3405070 svchost.exe 9232 IRP_MJ_CLOSE C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS
18:15:03,3406013 svchost.exe 9232 IRP_MJ_CREATE C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
18:15:03,3406564 svchost.exe 9232 FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisw3adm.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE
18:15:03,3406942 svchost.exe 9232 FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS
18:15:03,3407476 svchost.exe 9232 FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS SyncType: SyncTypeOther
18:15:03,3775143 svchost.exe 9232 FASTIO_QUERY_INFORMATION C:\Windows\System32\inetsrv\iisres.dll SUCCESS Type: QueryBasicInformationFile, CreationTime: 29/09/2017 11:43:11, LastAccessTime: 30/09/2017 13:20:31, LastWriteTime: 30/09/2017 13:20:31, ChangeTime: 12/12/2017 19:37:41, FileAttributes: A
18:15:03,3775266 svchost.exe 9232 IRP_MJ_CLEANUP C:\Windows\System32\inetsrv\iisres.dll SUCCESS
18:15:03,3775415 svchost.exe 9232 IRP_MJ_CLOSE C:\Windows\System32\inetsrv\iisres.dll SUCCESS
18:15:03,3776336 svchost.exe 9232 IRP_MJ_CREATE C:\Windows\System32\inetsrv\iisres.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
18:15:03,3776866 svchost.exe 9232 FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisres.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE
18:15:03,3777529 svchost.exe 9232 FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisres.dll SUCCESS
18:15:03,3777646 svchost.exe 9232 FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisres.dll SUCCESS SyncType: SyncTypeOther
18:15:03,3777740 svchost.exe 9232 FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION C:\Windows\System32\inetsrv\iisres.dll SUCCESS
18:15:03,3778576 svchost.exe 9232 Load Image C:\Windows\System32\inetsrv\iisres.dll SUCCESS Image Base: 0x25f14650000, Image Size: 0x3b000
18:15:03,3778931 svchost.exe 9232 IRP_MJ_CLEANUP C:\Windows\System32\inetsrv\iisres.dll SUCCESS
18:15:03,3779127 svchost.exe 9232 IRP_MJ_CLOSE C:\Windows\System32\inetsrv\iisres.dll SUCCESS
18:15:03,3781217 svchost.exe 9232 FASTIO_NETWORK_QUERY_OPEN C:\Windows\System32\inetsrv\CRYPTSP.dll FAST IO DISALLOWED
18:15:03,3782051 svchost.exe 9232 IRP_MJ_CREATE C:\Windows\System32\inetsrv\CRYPTSP.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
18:15:03,3823147 svchost.exe 9232 RegOpenKey HKLM\Software\Microsoft\InetStp\Configuration NAME NOT FOUND Desired Access: Read
18:15:03,3835549 svchost.exe 9232 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\inetsrv\iisw3adm.dll SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\inetsrv\iisw3adm.dll
18:15:03,3858351 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3896142 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Control\Cryptography\Configuration REPARSE Desired Access: Read
18:15:03,3896269 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Control\Cryptography\Configuration SUCCESS Desired Access: Read
18:15:03,3896479 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Control\Cryptography\Configuration SUCCESS
18:15:03,3901094 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters REPARSE Desired Access: Read
18:15:03,3901180 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read
18:15:03,3901349 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\StartupWaitHintInMilliseconds NAME NOT FOUND Length: 144
18:15:03,3901432 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3918415 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters\SystemSettings REPARSE Desired Access: Read
18:15:03,3918597 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters\SystemSettings NAME NOT FOUND Desired Access: Read
18:15:03,3919820 svchost.exe 9232 RegOpenKey HKU\.DEFAULT\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration NAME NOT FOUND Desired Access: Read
18:15:03,3920564 svchost.exe 9232 RegOpenKey HKU\.DEFAULT\Control Panel\Desktop\LanguageConfiguration NAME NOT FOUND Desired Access: Read
18:15:03,3923861 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Control\CMF\Config REPARSE Desired Access: Read
18:15:03,3924044 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Control\CMF\Config SUCCESS Desired Access: Read
18:15:03,3924200 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Control\CMF\Config\SYSTEM SUCCESS Type: REG_DWORD, Length: 4, Data: 3
18:15:03,3924301 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Control\CMF\Config SUCCESS
18:15:03,3933736 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters REPARSE Desired Access: Read
18:15:03,3933830 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read
18:15:03,3934030 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationEnabled NAME NOT FOUND Length: 144
18:15:03,3934123 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3934378 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters REPARSE Desired Access: Read
18:15:03,3934459 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read
18:15:03,3934669 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationPath NAME NOT FOUND Length: 144
18:15:03,3934998 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3935441 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters REPARSE Desired Access: Read
18:15:03,3935527 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read
18:15:03,3935692 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationSectionsExcluded NAME NOT FOUND Length: 144
18:15:03,3935944 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3936177 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters REPARSE Desired Access: Read
18:15:03,3936258 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read
18:15:03,3936412 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationSectionsIncluded NAME NOT FOUND Length: 144
18:15:03,3936638 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3941436 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters REPARSE Desired Access: Read
18:15:03,3941577 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read
18:15:03,3942278 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\CreateSharedMachineKeyLocation NAME NOT FOUND Length: 144
18:15:03,3942367 svchost.exe 9232 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS
18:15:03,3942772 svchost.exe 9232 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Services\WAS\Parameters\ REPARSE Desired Access: Read/Write
18:15:03,3942864 svchost.exe 9232 RegOpenKey HKLM\System\CurrentControlSet\Services\WAS\Parameters SUCCESS Desired Access: Read/Write
18:15:03,3943192 svchost.exe 9232 RegQueryValue HKLM\System\CurrentControlSet\Services\WAS\Parameters\NanoSetup SUCCESS Type: REG_DWORD, Length: 4, Data: 1
18:15:03,3982593 svchost.exe 2848 IRP_MJ_DIRECTORY_CONTROL C:\Windows\System32\inetsrv\Config SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
18:15:03,3982841 svchost.exe 2848 IRP_MJ_DIRECTORY_CONTROL C:\Windows\System32\inetsrv\Config SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
18:15:03,3983025 svchost.exe 2848 IRP_MJ_DIRECTORY_CONTROL C:\Windows\System32\inetsrv\Config SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
18:15:03,3983194 svchost.exe 2848 IRP_MJ_DIRECTORY_CONTROL C:\Windows\System32\inetsrv\Config SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
18:15:03,3983318 svchost.exe 2848 IRP_MJ_DIRECTORY_CONTROL C:\Windows\System32\inetsrv\Config SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
18:15:03,3983416 svchost.exe 2848 IRP_MJ_DIRECTORY_CONTROL C:\Windows\System32\inetsrv\Config SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
18:15:03,4167740 csrss.exe 452 IRP_MJ_CREATE C:\Windows\System32\cmd.exe.Config NAME NOT FOUND Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: AUTORIDADE NT\SISTEMA
18:15:03,4259260 System 4 IRP_MJ_CREATE C:\Windows\System32\inetsrv\iissetup.exe SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
18:15:03,4260443 System 4 IRP_MJ_SET_INFORMATION C:\Windows\System32\inetsrv\iissetup.exe SUCCESS Type: SetBasicInformationFile, CreationTime: -1, LastAccessTime: -1, LastWriteTime: -1, ChangeTime: -1, FileAttributes: n/a
18:15:03,4260568 System 4 IRP_MJ_QUERY_INFORMATION C:\Windows\System32\inetsrv\iissetup.exe SUCCESS Type: QueryAttributeTagFile, Attributes: A, ReparseTag: 0x0
18:15:03,4260658 System 4 IRP_MJ_QUERY_INFORMATION C:\Windows\Sys
How can I fix this?
The failure seemed to be caused by WAS could not access the machine keys left over from the old OS. These machine keys are used for encrypting sensitive information in applicationHost.config or web.config (e.g. user password or connection string). Deleting these keys and letting WAS regenerating them could solve the problem with a side effect:
Previously encrypted configuration (before the OS upgrade), if there is any, needs to be reconfigured and re-encrypted again, since WAS won't be able to decrypt the original ones (encrypted by the old keys) using the new keys.
Here are the steps to delete the old machine keys:
Go to your RSA machine keys folder: C:\Users\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
Find a machine key (file) whose name starts with d6d986f09a1ee04e24c949879fdb506c_*. If you open it using notepad, you should see plain text "NetFrameworkConfigurationKey".
Backup this file to some other folder.
Delete this file.
Following the same steps as 2-4 to backup and delete iisWasKey: 76944fb33636aeddb9590521c2e8815a_*
Following the same steps as 2-4 to backup and delete iisConfigurationKey: 6de9cb26d2b98c01ec4e9e8b34824aa2_*
Manually start WAS