Keyset Does Not Exist - 6 Ways To Solve It

Home » How-To

Reading time icon 4 min. read

Calendar icon Published on

by Dennis Otieno 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Open MMC, manage SSL certificate private keys, and add permissions for the IIS user.
  • Run iisreset in Command Prompt as Administrator to restart IIS.
  • Go to Windows Security > Device Security > Security Processor Details > Security Processor Troubleshooting > Clear TPM, then restart your computer.
Keyset Does Not Exist

The “Keyset does not exist” error in Internet Information Services (IIS) often arises due to issues with accessing the SSL certificate’s private key. This can prevent IIS from properly loading and using the certificate, which can impact secure website connections. Fortunately, there are several ways to resolve this issue. 

Let me show you how!

Grant IIS User Access to the Certificate’s Private Key

Ensure that the Internet Information Services (IIS) user has permission to access the private key. Without these permissions, IIS won’t be able to load the SSL certificate correctly. Here’s how:

  1. Press Windows Key + R to open the Run dialog, type mmc, and press Enter.
Type mmc
  1. In the Microsoft Management Console (MMC), go to File > Add/Remove Snap-in.
File > Add/Remove Snap-in
  1. Select Certificates, click Add, choose Computer account, then click Next > Finish > OK.
Choose Computer account
  1. Now, expand Certificates (Local Computer) > Personal > Certificates to find your SSL certificate.
Certificates (Local Computer) > Personal > Certificates
  1. Right-click the certificate you need to adjust, then select All Tasks > Manage Private Keys
Select All Tasks > Manage Private Keys
  1. Tap Add to include a new user in the Permissions window.
Tap Add

Perform an IISRESET

Once the permissions are set, it’s important to restart IIS to ensure the changes take effect and resolve any issues related to key access. An IISRESET is a simple command that restarts IIS and clears any active issues with certificate bindings or services. Follow the steps below:

  1. Press the Windows Key + S, type CMD, and click Run as Administrator.
Click Run as Administrator
  1. Type iisreset and press Enter.
Type iisreset

Delete Work or School Account

Another fix is to remove any associated Work or School accounts that may be interfering with the certificate access. Sometimes, these accounts can create conflicts or override permissions. Here’s how:

  1. Press the Windows Key + I to open Settings.
  2. Go to Accounts > Access work or school.
Accounts > Access work or school
  1. Select any listed accounts that might be causing issues and click Disconnect
  2. Restart the machine to ensure the changes take effect.

Remove the Cryptographic Services File

The Cryptographic Services file manages certificate and key information in Windows. If this file is corrupted or misconfigured, it can prevent IIS from accessing the certificate’s private key. Removing it can help reset any issues with cryptographic services. Follow the steps below:

  1. Open Services.msc by pressing Windows Key + R and typing services.msc. Press Enter.
Type services.msc
  1. Locate Cryptographic Services, right-click on it, and choose Stop.
Stop Cryptographic Services
  1. Open File Explorer and go to C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSA. Delete all files but don’t delete the folders.
C:Documents and SettingsAll UsersApplication DataMicrosoftCryptoRSA
  1. Go back to Services.msc, find Cryptographic Services, right-click, and choose Start to restart it.
Start Cryptographic Services

Clear the TPM Keys

If TPM is in use and is causing issues with certificate access, clearing the TPM keys might help. Be aware that this will remove all stored cryptographic keys, which could affect other services relying on TPM. Here’s how:

  1. Press Windows Key + S, type Windows Security, and click Open.
Type Windows Security
  1. Next, choose Device Security.
Device Security
  1. Click on Security Processor Details.
  1. Tap Security Processor Troubleshooting.
Security Processor Troubleshooting
  1. Now, click Clear TPM and then restart the machine. Check if the “Keyset does not exist” error is resolved.
Clear TPM

Disable Hyper-V

Hyper-V is a virtualization feature in Windows that can sometimes conflict with certificate access, especially if virtual machines are using resources like TPM. Disabling Hyper-V can resolve such conflicts. Follow the steps below:

  1. Open Command Prompt again as Administrator.
  2. Type bcdedit /set hypervisorlaunchtype off and hit Enter to disable Hyper-V.
Type bcdedit /set hypervisorlaunchtype off
  1. Restart the computer to ensure Hyper-V is fully disabled.

Alternatively, you can disable it through the Windows Features menu:

  1. Press Windows Key + R, type OptionalFeatures.exe, and click Enter.
Type OptionalFeatures.exe
  1. Uncheck Hyper-V, then click OK.
Uncheck Hyper-V

Restart your PC and check if the error is solved.

The “Keyset does not exist” error can be frustrating but it’s easy to solve. Follow the solutions above to ensure IIS has the proper permissions to access the private key, reset necessary services, and address potential conflicts with TPM, and Hyper-V. 

Also, learn how to fix different computer errors like “DLLRegisterserver was not found”, AMD error code 43, and “Your request cannot be completed right now”.

Dennis Otieno

Dennis Otieno Shield

Tech Content Writer

Dennis is a tech content writer who loves writing engaging articles on the latest technology trends, cybersecurity, and software reviews. He breaks down complex topics into reader-friendly content to help audiences relate to every concept.

User forum

0 messages