SharePoint / PSConfig is failing with error “Keyset does not exist”

Symptom

Unable to join any servers to your Production SharePoint Farm. PSConfig is failing with error “Keyset does not exist”.

From PSCDiagnostics Log:

Cause

PSCONFIG was failing with error “Keyset does not exist” while attempting to join a server to the Farm because the PSCONFIG process was attempting to create the required Machine Keys with two different user accounts. For example, it started with domain\serviceaccount, then attempted to write the machine key as SYSTEM through LSASS.EXE. Access was denied on that write, which surfaced as the “Keyset does not exist” error.

Resolution

To resolve this issue, we removed the SYSTEM account from the “MachineKeys” Folder (C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys).

More Information

After thoroughly inspecting the ACLs on the MachineKeys folder, we found that the “SYSTEM” account had been added to the security of this folder (this is not the default).

The default permissions on the MachineKeys Folder are as follows.

However, the servers that were failing to install SharePoint contained the SYSTEM account.
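To run the same ACL inspection on a server that fails to join, the following PowerShell lists every entry on the MachineKeys folder and flags any that belong to SYSTEM. It is an added example, not part of the original troubleshooting notes; it assumes an elevated session on the affected server, and the backup file location is a hypothetical choice.

```powershell
# Added example: audit the MachineKeys folder ACL for a SYSTEM entry.
$MachineKeys = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'  # path from the article
$SystemSid   = 'S-1-5-18'                                         # well-known SID of SYSTEM

function Get-FolderAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs rather than names so the check works on localized systems.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        # Orphaned SIDs cannot be translated to a name; keep them visible anyway.
        $account = try {
            $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { '<unresolved>' }
        [pscustomobject]@{
            Sid         = $ace.IdentityReference.Value
            Account     = $account
            Type        = $ace.AccessControlType
            Rights      = $ace.FileSystemRights
            IsInherited = $ace.IsInherited
            IsSystem    = ($ace.IdentityReference.Value -eq $SystemSid)
        }
    }
}

$aces = @(Get-FolderAce -Path $MachineKeys)
$aces | Format-Table Account, Type, Rights, IsInherited -AutoSize

$systemAces = @($aces | Where-Object { $_.IsSystem })
if ($systemAces.Count -gt 0) {
    # Save the current security descriptor before anyone edits the folder,
    # so the original ACL can be restored if the change has side effects.
    $backup = Join-Path $env:TEMP "MachineKeys-acl-$env:COMPUTERNAME.sddl"  # hypothetical location
    (Get-Acl -LiteralPath $MachineKeys).Sddl | Set-Content -LiteralPath $backup
    foreach ($ace in $systemAces) {
        # An inherited entry comes from a parent folder and has to be changed there.
        $origin = if ($ace.IsInherited) { 'inherited from a parent folder' } else { 'set explicitly on this folder' }
        Write-Warning "SYSTEM: $($ace.Type) $($ace.Rights), $origin"
    }
    Write-Output "Current ACL saved as SDDL to $backup"
} else {
    Write-Output "No SYSTEM entry on $MachineKeys"
}
```

Running it on a server that joins the farm successfully and on one that fails gives two tables to compare side by side.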
