Windows Process Activation Service not starting - error 13

André Luchesi picture André Luchesi · Dec 27, 2017 · Viewed 8.6k times · Source

I have IIS version 10 installed on Windows 10 Pro Version 1709, build 16299.125.

After a Windows update, IIS stopped working. I saw that W3SVC isn't working, because WAS (Windows Process Activation Service) can't be started. When I try to start WAS, Windows display the message:

Windows can't start Windows Process Aplication Service on Local Computer. Error 13: The data are invalid

Looking at Windows Event Log, I see that WAS didn't started due event ID 5005, 5215 and Service Control Manager stopped due event ID 7023.

I did some research and tried a lot of stuff:

  1. I tried the commands as suggested here https://stackoverflow.com/a/39969350/9146236

  2. This is the IIS log:

    [12/26/2017 17:36:37] [ ***** IIS 10.0 Component Based Setup ***** ]
    [12/26/2017 17:36:37] .\inetsrv\iissetup.exe  /install SharedLibraries /nano 
    [12/26/2017 17:36:37] Setting Installation Type to Nano
    [12/26/2017 17:36:37] Successfully added IIS_IUSRS ACE to DACL at %ProgramData%\Microsoft\Windows\WER\ReportQueue.
    [12/26/2017 17:36:38] < !!FAIL!! > Failed to create the NetFrameworkConfigurationKey key container (result=0x8009000f)
    [12/26/2017 17:36:38] < !!FAIL!! > Install of component SharedLibraries result=0x8009000f
    [12/26/2017 17:36:38] < !!FAIL!! > COMPONENT::ExecuteCommand result=0x8009000f
    [12/26/2017 17:36:38] [ End of IIS 10.0 Component Based Setup ]
    
  3. I executed Process Monitor and got some info about WAS and inetsrv:

    17:36:37,8212043    conhost.exe 10620   FASTIO_NETWORK_QUERY_OPEN   C:\WINDOWS\inetsrv\iissetup.exe  \install SharedLibraries \nano FAST IO DISALLOWED  
    17:36:37,8212488    conhost.exe 10620   IRP_MJ_CREATE   C:\WINDOWS\inetsrv\iissetup.exe  \install SharedLibraries \nano PATH NOT FOUND  Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
    

    and:

    18:15:01,5512834    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\StartOverride    NAME NOT FOUND  Desired Access: Query Value
    18:15:01,5512974    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Start    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
    18:15:01,5513106    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Start    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
    18:15:01,5513231    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ErrorControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:15:01,5513423    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ServiceAccountManaged    NAME NOT FOUND  Length: 16
    18:15:01,5513567    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Tag  NAME NOT FOUND  Length: 16
    18:15:01,5513702    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\DependOnService  SUCCESS Type: REG_MULTI_SZ, Length: 14, Data: RPCSS
    18:15:01,5513853    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\DependOnGroup    NAME NOT FOUND  Length: 268
    18:15:01,5513984    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Group    NAME NOT FOUND  Length: 268
    18:15:01,5514261    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:01,5514382    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ObjectName   SUCCESS Type: REG_SZ, Length: 24, Data: LocalSystem
    18:15:01,5514521    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:01,5536911    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:01,5537284    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ImagePath    SUCCESS Type: REG_EXPAND_SZ, Length: 82, Data: %windir%\system32\svchost.exe -k iissvcs
    18:15:01,5537600    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:01,5537823    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Type SUCCESS Type: REG_DWORD, Length: 4, Data: 32
    18:15:01,5538039    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\StartOverride    NAME NOT FOUND  Desired Access: Query Value
    18:15:01,5538226    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Start    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
    18:15:01,5538653    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Start    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
    18:15:01,5539450    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ErrorControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:15:01,5539612    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ServiceAccountManaged    NAME NOT FOUND  Length: 16
    18:15:01,5539751    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Tag  NAME NOT FOUND  Length: 16
    18:15:01,5539893    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\DependOnService  SUCCESS Type: REG_MULTI_SZ, Length: 14, Data: RPCSS
    18:15:01,5540060    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\DependOnGroup    NAME NOT FOUND  Length: 268
    18:15:01,5540468    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Group    NAME NOT FOUND  Length: 26818:15:03,2385240 services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2385446    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ImagePath    SUCCESS Type: REG_EXPAND_SZ, Length: 82, Data: %windir%\system32\svchost.exe -k iissvcs
    18:15:03,2385633    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2385750    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Type SUCCESS Type: REG_DWORD, Length: 4, Data: 32
    18:15:03,2385854    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\StartOverride    NAME NOT FOUND  Desired Access: Query Value
    18:15:03,2385945    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Start    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
    18:15:03,2386025    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Start    SUCCESS Type: REG_DWORD, Length: 4, Data: 2
    18:15:03,2386100    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ErrorControl SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:15:03,2386170    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ServiceAccountManaged    NAME NOT FOUND  Length: 16
    18:15:03,2386239    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Tag  NAME NOT FOUND  Length: 16
    18:15:03,2386313    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\DependOnService  SUCCESS Type: REG_MULTI_SZ, Length: 14, Data: RPCSS
    18:15:03,2386393    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\DependOnGroup    NAME NOT FOUND  Length: 268
    18:15:03,2386465    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Group    NAME NOT FOUND  Length: 268
    18:15:03,2386641    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:03,2386715    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ObjectName   SUCCESS Type: REG_SZ, Length: 24, Data: LocalSystem
    18:15:03,2386888    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 18:15:03,2653344    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2653643    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\FailureActions   SUCCESS Type: REG_BINARY, Length: 44, Data: 80 51 01 00 01 00 00 00 01 00 00 00 03 00 00 00
    18:15:03,2653871    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:03,2653989    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2654100    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ImagePath    SUCCESS Type: REG_EXPAND_SZ, Length: 82, Data: %windir%\system32\svchost.exe -k iissvcs
    18:15:03,2654259    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:03,2654436    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2654637    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\SvcHostSplitDisable  SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:15:03,2654801    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:03,2655908    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2656137    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\ObjectName   SUCCESS Type: REG_SZ, Length: 24, Data: LocalSystem
    18:15:03,2656275    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:03,2679162    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2679292    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Environment  NAME NOT FOUND  Length: 268
    18:15:03,2679395    services.exe    668 RegCloseKey HKLM\System\CurrentControlSet\Services\WAS  SUCCESS 
    18:15:03,2813183    csrss.exe   452 IRP_MJ_CREATE   C:\Windows\System32\svchost.exe.Config  NAME NOT FOUND  Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: AUTORIDADE NT\SISTEMA
    18:15:03,2816062    services.exe    668 RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS  SUCCESS Desired Access: Read
    18:15:03,2816175    services.exe    668 RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\RequiredPrivileges   BUFFER OVERFLOW Length: 268
    18:15:03,3401656    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ServiceDll    SUCCESS Type: REG_EXPAND_SZ, Length: 78, Data: %windir%\system32\inetsrv\iisw3adm.dll
    18:15:03,3401959    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ServiceManifest   NAME NOT FOUND  Length: 144
    18:15:03,3402112    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ServiceMain   NAME NOT FOUND  Length: 144
    18:15:03,3403389    svchost.exe 9232    FASTIO_NETWORK_QUERY_OPEN   C:\Windows\System32\inetsrv\iisw3adm.dll    FAST IO DISALLOWED  
    18:15:03,3404363    svchost.exe 9232    IRP_MJ_CREATE   C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    18:15:03,3404750    svchost.exe 9232    FASTIO_QUERY_INFORMATION    C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS Type: QueryBasicInformationFile, CreationTime: 29/09/2017 11:43:11, LastAccessTime: 30/09/2017 13:20:35, LastWriteTime: 30/09/2017 13:20:35, ChangeTime: 12/12/2017 19:37:41, FileAttributes: A
    18:15:03,3404911    svchost.exe 9232    IRP_MJ_CLEANUP  C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS 
    18:15:03,3405070    svchost.exe 9232    IRP_MJ_CLOSE    C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS 
    18:15:03,3406013    svchost.exe 9232    IRP_MJ_CREATE   C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
    18:15:03,3406564    svchost.exe 9232    FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisw3adm.dll    FILE LOCKED WITH ONLY READERS   SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE
    18:15:03,3406942    svchost.exe 9232    FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS 
    18:15:03,3407476    svchost.exe 9232    FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS SyncType: SyncTypeOther
    18:15:03,3775143    svchost.exe 9232    FASTIO_QUERY_INFORMATION    C:\Windows\System32\inetsrv\iisres.dll  SUCCESS Type: QueryBasicInformationFile, CreationTime: 29/09/2017 11:43:11, LastAccessTime: 30/09/2017 13:20:31, LastWriteTime: 30/09/2017 13:20:31, ChangeTime: 12/12/2017 19:37:41, FileAttributes: A
    18:15:03,3775266    svchost.exe 9232    IRP_MJ_CLEANUP  C:\Windows\System32\inetsrv\iisres.dll  SUCCESS 
    18:15:03,3775415    svchost.exe 9232    IRP_MJ_CLOSE    C:\Windows\System32\inetsrv\iisres.dll  SUCCESS 
    18:15:03,3776336    svchost.exe 9232    IRP_MJ_CREATE   C:\Windows\System32\inetsrv\iisres.dll  SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
    18:15:03,3776866    svchost.exe 9232    FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisres.dll  FILE LOCKED WITH ONLY READERS   SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE_READ|PAGE_NOCACHE
    18:15:03,3777529    svchost.exe 9232    FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisres.dll  SUCCESS 
    18:15:03,3777646    svchost.exe 9232    FASTIO_ACQUIRE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisres.dll  SUCCESS SyncType: SyncTypeOther
    18:15:03,3777740    svchost.exe 9232    FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION  C:\Windows\System32\inetsrv\iisres.dll  SUCCESS 
    18:15:03,3778576    svchost.exe 9232    Load Image  C:\Windows\System32\inetsrv\iisres.dll  SUCCESS Image Base: 0x25f14650000, Image Size: 0x3b000
    18:15:03,3778931    svchost.exe 9232    IRP_MJ_CLEANUP  C:\Windows\System32\inetsrv\iisres.dll  SUCCESS 
    18:15:03,3779127    svchost.exe 9232    IRP_MJ_CLOSE    C:\Windows\System32\inetsrv\iisres.dll  SUCCESS 
    18:15:03,3781217    svchost.exe 9232    FASTIO_NETWORK_QUERY_OPEN   C:\Windows\System32\inetsrv\CRYPTSP.dll FAST IO DISALLOWED  
    18:15:03,3782051    svchost.exe 9232    IRP_MJ_CREATE   C:\Windows\System32\inetsrv\CRYPTSP.dll NAME NOT FOUND  Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
    18:15:03,3823147    svchost.exe 9232    RegOpenKey  HKLM\Software\Microsoft\InetStp\Configuration   NAME NOT FOUND  Desired Access: Read
    18:15:03,3835549    svchost.exe 9232    IRP_MJ_QUERY_INFORMATION    C:\Windows\System32\inetsrv\iisw3adm.dll    SUCCESS Type: QueryNameInformationFile, Name: \Windows\System32\inetsrv\iisw3adm.dll
    18:15:03,3858351    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3896142    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Control\Cryptography\Configuration    REPARSE Desired Access: Read
    18:15:03,3896269    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Control\Cryptography\Configuration    SUCCESS Desired Access: Read
    18:15:03,3896479    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Control\Cryptography\Configuration    SUCCESS 
    18:15:03,3901094    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   REPARSE Desired Access: Read
    18:15:03,3901180    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read
    18:15:03,3901349    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\StartupWaitHintInMilliseconds NAME NOT FOUND  Length: 144
    18:15:03,3901432    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3918415    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters\SystemSettings    REPARSE Desired Access: Read
    18:15:03,3918597    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters\SystemSettings    NAME NOT FOUND  Desired Access: Read
    18:15:03,3919820    svchost.exe 9232    RegOpenKey  HKU\.DEFAULT\Control Panel\Desktop\MuiCached\MachineLanguageConfiguration   NAME NOT FOUND  Desired Access: Read
    18:15:03,3920564    svchost.exe 9232    RegOpenKey  HKU\.DEFAULT\Control Panel\Desktop\LanguageConfiguration    NAME NOT FOUND  Desired Access: Read
    18:15:03,3923861    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Control\CMF\Config    REPARSE Desired Access: Read
    18:15:03,3924044    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Control\CMF\Config    SUCCESS Desired Access: Read
    18:15:03,3924200    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Control\CMF\Config\SYSTEM SUCCESS Type: REG_DWORD, Length: 4, Data: 3
    18:15:03,3924301    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Control\CMF\Config    SUCCESS 
    18:15:03,3933736    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   REPARSE Desired Access: Read
    18:15:03,3933830    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read
    18:15:03,3934030    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationEnabled    NAME NOT FOUND  Length: 144
    18:15:03,3934123    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3934378    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   REPARSE Desired Access: Read
    18:15:03,3934459    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read
    18:15:03,3934669    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationPath   NAME NOT FOUND  Length: 144
    18:15:03,3934998    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3935441    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   REPARSE Desired Access: Read
    18:15:03,3935527    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read
    18:15:03,3935692    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationSectionsExcluded   NAME NOT FOUND  Length: 144
    18:15:03,3935944    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3936177    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   REPARSE Desired Access: Read
    18:15:03,3936258    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read
    18:15:03,3936412    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\ConfigIsolationSectionsIncluded   NAME NOT FOUND  Length: 144
    18:15:03,3936638    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3941436    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   REPARSE Desired Access: Read
    18:15:03,3941577    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read
    18:15:03,3942278    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\CreateSharedMachineKeyLocation    NAME NOT FOUND  Length: 144
    18:15:03,3942367    svchost.exe 9232    RegCloseKey HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS 
    18:15:03,3942772    svchost.exe 9232    RegOpenKey  HKLM\SYSTEM\CurrentControlSet\Services\WAS\Parameters\  REPARSE Desired Access: Read/Write
    18:15:03,3942864    svchost.exe 9232    RegOpenKey  HKLM\System\CurrentControlSet\Services\WAS\Parameters   SUCCESS Desired Access: Read/Write
    18:15:03,3943192    svchost.exe 9232    RegQueryValue   HKLM\System\CurrentControlSet\Services\WAS\Parameters\NanoSetup SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    18:15:03,3982593    svchost.exe 2848    IRP_MJ_DIRECTORY_CONTROL    C:\Windows\System32\inetsrv\Config  SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
    18:15:03,3982841    svchost.exe 2848    IRP_MJ_DIRECTORY_CONTROL    C:\Windows\System32\inetsrv\Config  SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
    18:15:03,3983025    svchost.exe 2848    IRP_MJ_DIRECTORY_CONTROL    C:\Windows\System32\inetsrv\Config  SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
    18:15:03,3983194    svchost.exe 2848    IRP_MJ_DIRECTORY_CONTROL    C:\Windows\System32\inetsrv\Config  SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
    18:15:03,3983318    svchost.exe 2848    IRP_MJ_DIRECTORY_CONTROL    C:\Windows\System32\inetsrv\Config  SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
    18:15:03,3983416    svchost.exe 2848    IRP_MJ_DIRECTORY_CONTROL    C:\Windows\System32\inetsrv\Config  SUCCESS Type: NotifyChangeDirectory, Filter: FILE_NOTIFY_CHANGE_FILE_NAME, FILE_NOTIFY_CHANGE_DIR_NAME, FILE_NOTIFY_CHANGE_SIZE, FILE_NOTIFY_CHANGE_LAST_WRITE, FILE_NOTIFY_CHANGE_CREATION, FILE_NOTIFY_CHANGE_EA, FILE_NOTIFY_CHANGE_SECURITY, FILE_NOTIFY_CHANGE_STREAM_NAME, FILE_NOTIFY_CHANGE_STREAM_SIZE, FILE_NOTIFY_CHANGE_STREAM_WRITE
    18:15:03,4167740    csrss.exe   452 IRP_MJ_CREATE   C:\Windows\System32\cmd.exe.Config  NAME NOT FOUND  Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: AUTORIDADE NT\SISTEMA
    18:15:03,4259260    System  4   IRP_MJ_CREATE   C:\Windows\System32\inetsrv\iissetup.exe    SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Disposition: Open, Options: Non-Directory File, Complete If Oplocked, Attributes: N, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    18:15:03,4260443    System  4   IRP_MJ_SET_INFORMATION  C:\Windows\System32\inetsrv\iissetup.exe    SUCCESS Type: SetBasicInformationFile, CreationTime: -1, LastAccessTime: -1, LastWriteTime: -1, ChangeTime: -1, FileAttributes: n/a
    18:15:03,4260568    System  4   IRP_MJ_QUERY_INFORMATION    C:\Windows\System32\inetsrv\iissetup.exe    SUCCESS Type: QueryAttributeTagFile, Attributes: A, ReparseTag: 0x0
    18:15:03,4260658    System  4   IRP_MJ_QUERY_INFORMATION    C:\Windows\Sys
    

How can I fix this?

Answer

Yanbing Shi picture Yanbing Shi · Mar 18, 2018

The failure seemed to be caused by WAS could not access the machine keys left over from the old OS. These machine keys are used for encrypting sensitive information in applicationHost.config or web.config (e.g. user password or connection string). Deleting these keys and letting WAS regenerating them could solve the problem with a side effect:

Previously encrypted configuration (before the OS upgrade), if there is any, needs to be reconfigured and re-encrypted again, since WAS won't be able to decrypt the original ones (encrypted by the old keys) using the new keys.

Here are the steps to delete the old machine keys:

  1. Go to your RSA machine keys folder: C:\Users\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

  2. Find a machine key (file) whose name starts with d6d986f09a1ee04e24c949879fdb506c_*. If you open it using notepad, you should see plain text "NetFrameworkConfigurationKey".

  3. Backup this file to some other folder.

  4. Delete this file.

  5. Following the same steps as 2-4 to backup and delete iisWasKey: 76944fb33636aeddb9590521c2e8815a_*

  6. Following the same steps as 2-4 to backup and delete iisConfigurationKey: 6de9cb26d2b98c01ec4e9e8b34824aa2_*

  7. Manually start WAS

    • Open a command prompt through "run as administrator".
    • net start was