IIS Keys: Machine Keys, WAS Keys, IIS Configuration Keys

windows-server-2016 iis

There are only really two keys not three.

There is the IISConfigurationKey ("Machine Key") Which can live in the webroot, or in the global system config, and the iisWasKey. Essentially you can override the global machine key by having one in the app config.

The Machine Key is used to encrypt configuration sections. This is the key that will be used to encrypt things like configuration strings, and other bits that you can specify as part of the app.config.

The iisWasKey is used to encrypt the application pool identity.

So you need the private key from the machine that setup the IIS configuration on all IIS server in the farm to be able to decrypt and run the config you are pushing out.

Reference 1
Reference 2

Related

How to transfer Public IP address from One project to another Project in GCP
zdb doesn’t recognize my pool?
Configure Basic Authentication on Azure's App Service
Active Directory migration from Windows 2003 to Windows 2016
Old ssl cert still showing up in browser after installing new
How to only look at the last 10 minutes of a log and grep for statement
Wrong password during pfx certificate import Windows(10, 2016)
Amazon AWS Ephemeral disks and RAID1
How to see what is my Amazon rds password
Is it possible to configure Nginx to accept requests both with and without proxy protocol to the same URL?
autoindex list UTF-8 charset in Nginx
How to fix "NoCredentialProviders: no valid providers in chain. Deprecated."?