End users are unable to log in to their Application Portal or perform SSO login to applications with Integrated Windows Authentication (IWA). Login with a username and password still succeeds, so the portal itself is not at fault.
They see the error "Keyset does not exist" and the login hangs on that page. In the Event Viewer, you will notice the error below:
This problem occurs because the LOCAL SERVICE and IIS_IUSRS accounts don't have Full Control access on the MachineKeys folder, and specifically on the iisWasKey key file located in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
To resolve this problem, follow these steps:
Locate the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
Right-click the MachineKeys folder, and then select Properties.
Select the Security tab, and then select Edit. If you're asked whether you want to continue the operation, select Continue. Then, the list of group names and user names that have access to this key file appears in the Permissions dialog box.
Select Add. Then, the Select Users, Computers, Service Accounts, or Groups dialog box appears.
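The permissions this procedure deals with can be checked from PowerShell before and after the change. The script below is an added example, not part of the original article: it only reads ACLs and reports where LOCAL SERVICE or IIS_IUSRS has no Full Control entry. The variable and function names are hypothetical, and the file filter is an assumption because the article does not give the iisWasKey file name.

```powershell
# Added example: read-only audit; it changes no permissions.
# Run from an elevated PowerShell prompt so every key file's ACL is readable.
$machineKeys = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Assumption: '*' audits every key file. Narrow it to the iisWasKey file name
# on your server (the name is not given in the article).
$keyFileFilter = '*'

# Well-known SIDs of the two accounts named in the article. Matching on SIDs
# avoids localized or differently prefixed account names.
$accounts = [ordered]@{
    'LOCAL SERVICE' = 'S-1-5-19'
    'IIS_IUSRS'     = 'S-1-5-32-568'
}

function Test-FullControlEntry {
    # True when the ACL holds an Allow entry granting Full Control to $Sid
    # and no Deny entry for it. Only entries naming the SID itself are
    # examined; access obtained through other groups is not evaluated.
    param([string]$Path, [string]$Sid)
    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl     = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $rules   = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $Sid })
    $allow   = @($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $full) -eq $full })
    $deny    = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })
    return ($allow.Count -gt 0 -and $deny.Count -eq 0)
}

# The folder itself, followed by the key files selected by the filter.
$files = Get-ChildItem -LiteralPath $machineKeys -File -Force -Filter $keyFileFilter
$items = @($machineKeys) + @($files | ForEach-Object FullName)

$report = foreach ($item in $items) {
    foreach ($name in $accounts.Keys) {
        try   { $ok = Test-FullControlEntry -Path $item -Sid $accounts[$name] }
        catch { $ok = $null }   # ACL could not be read (prompt not elevated?)
        [pscustomobject]@{ Item = Split-Path $item -Leaf; Account = $name; FullControl = $ok }
    }
}

# List only the items where the Full Control entry described above is missing.
$report | Where-Object { $_.FullControl -ne $true } | Format-Table -AutoSize
```

An empty table means both accounts already have a Full Control entry on everything that was checked; a blank FullControl column means the ACL could not be read.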