Bad Data error when configuring IIS on a sysprepped machine

I was recently installing some SharePoint farms with my favorite AutoSPInstaller script. Unfortunately, when trying to create the farm with New-SPConfigurationDatabase I was greeted with the following error message on every machine:

Exception: System.Runtime.InteropServices.COMException (0x80090005): Bad Data. (Exception from HRESULT: 0x80090005)

I began by checking the usual suspects like the username/password combination of my farm account, the AutoSPInstaller XML file etc. I even fired up the PowerShell ISE tool to set some breakpoints to find my error. Sure enough, I couldn’t find a thing. I tried creating a new farm by running the PowerShell cmdlet manually and by running the configuration wizard GUI application. I know I should’ve checked them sooner, but the ULS logs revealed the following information:

06/19/2012 12:29:06  9  INF                    Now joining to farm at server [servername] database SharePoint_Config
06/19/2012 12:29:28  9  ERR                    Task configdb has failed with an unknown exception
06/19/2012 12:29:28  9  ERR                    Exception: System.Runtime.InteropServices.COMException (0x80090005): Bad Data. (Exception from HRESULT: 0x80090005)
   at Microsoft.Web.Administration.Interop.AppHostWritableAdminManager.CommitChanges()
   at Microsoft.Web.Administration.Configuration.CommitChanges()
   at Microsoft.Web.Administration.ConfigurationManager.CommitChanges()
   at Microsoft.Web.Administration.ServerManager.CommitChanges()
   at Microsoft.SharePoint.Administration.SPIisServerManager.CommitChanges(ApplyChanges applyChanges)
   at Microsoft.SharePoint.Administration.SPIisProvisioningAssistant.ProvisionApplicationPool(String name, SecurityIdentifier sid, String password, SPIisApplicationPoolSettings settings)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplicationPool.ProvisionLocal(SPIisWebServiceApplicationPoolProvisioningOptions options)
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.ProvisionApplicationInstance()
   at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.ProvisionLocal(SPServiceInstance serviceInstance)
   at Microsoft.SharePoint.Administration.SPIisWebServiceInstance.Provision()
   at Microsoft.SharePoint.Administration.SPFarm.Join()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

Clearly it had something to do with IIS and the creation of application pools. I opened up the IIS manager and tried creating a new application pool. As soon as I tried to change the application pool identity to a domain user account I was hit with the same error.

Apparently the machines I was provided with had the Windows Process Activation Service (WAS) installed and were sysprepped afterwards. As a result, the applicationHost.config file (IIS metabase) contained encrypted sections that could no longer be decrypted. When the machine was sysprepped, the server received another machine key, which is used to encrypt and decrypt sensitive information in the IIS metabase. The applicationHost.config file itself was not changed, however, so it was left with content, encrypted under the old key, that can no longer be decrypted.

The fix is removing WAS and any other IIS component from the sysprepped machine. After that you can deploy IIS again, preferably with the SharePoint prerequisites installer.
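
The following PowerShell is an added example, not part of the original post or of any Microsoft tooling. It lists which attributes in an applicationHost.config are stored encrypted, so an image can be checked for key-bound IIS configuration before it is sysprepped. It assumes encrypted values use the [enc:<provider>:<data>:enc] form; the function name Find-IisEncryptedAttribute and the sample configuration are constructed for illustration.

```powershell
# Added example: report attributes in an IIS configuration file whose values are
# stored encrypted. Nothing is decrypted; only the location and provider are listed.
# Assumption: encrypted values have the form "[enc:<provider>:<data>:enc]".
function Find-IisEncryptedAttribute {
    param([Parameter(Mandatory)][xml]$Config)

    $pattern = '^\[enc:(?<provider>[^:]+):.*:enc\]$'
    # Walk every attribute of every element in the document
    foreach ($attr in $Config.SelectNodes('//@*')) {
        if ($attr.Value -match $pattern) {
            # Build a readable element path, e.g. configuration/system.applicationHost/...
            # LocalName is used because .Name on an element can resolve to a "name" attribute.
            $parts = @()
            $node = $attr.OwnerElement
            while ($node -is [System.Xml.XmlElement]) {
                $parts = @($node.LocalName) + $parts
                $node = $node.ParentNode
            }
            [pscustomobject]@{
                Element   = $parts -join '/'
                Attribute = $attr.LocalName
                Provider  = $Matches['provider']
            }
        }
    }
}

# Constructed sample, not a real configuration; the encrypted data is a placeholder.
$sample = @'
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="ExamplePool">
        <processModel identityType="SpecificUser" userName="EXAMPLE\svc-farm"
                      password="[enc:IISWASOnlyAesProvider:PLACEHOLDER:enc]" />
      </add>
    </applicationPools>
  </system.applicationHost>
</configuration>
'@
Find-IisEncryptedAttribute -Config $sample | Format-Table -AutoSize

# On a server (elevated prompt), check the live file instead:
# $live = Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config" -Raw
# Find-IisEncryptedAttribute -Config $live
```

Any row returned for an image that is about to be sysprepped points at a value that depends on that machine's keys.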

More information can be found on the IIS Support blog and this rather old knowledge base article.