Private keys get deleted unexpectedly in Windows Server 2008 R2


I am facing a strange problem in developing an installation that should in one of the steps install a certificate.

The problem has to do with granting Certificate’s private key access for an account (e.g. IIS_IUSRS) on Windows Server 2008 R2. The private keys are stored in the location C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys.

A custom C# Setup Project imports a Certificate and gives access for an account on Certificate’s private key during the installation process. After some time (2-3 sec) the private key file is automatically deleted from the MachineKeys folder. Thus the installed Web Application cannot access the specific certificate and displays the following error message:

“System.Security.Cryptography.CryptographicException: Keyset does not exist”. This error occurs only on Windows Server 2008 R2, while for Windows Server 2003 everything is working correctly.

My question is, why the private key gets deleted and which process does this?


UPDATE 17/05/2012

I have not yet found a solution to the described problem, and no response has been posted on the other forums where I asked (, So, can anyone suggest any other resources or advice for further troubleshooting this issue?

Thanks again


This was happening to me too – my setup script would add the cert and grant access to the PK file fine, and the app would work. Then later, after I had closed the PowerShell editor I re-launched the app and it failed with a keyset not found.

Adding the PersistKeySet flag when importing the cert fixed the problem. Here’s the PowerShell code for adding the cert and private key with persistence:


Private keys get deleted unexpectedly in Windows Server 2008 R2 by licensed under CC BY-SA | With most appropriate answer!

Leave a Reply