When trying to access the SMP Console an HTTP 503 error message is seen.

While looking at the Application Pools, the Default AppPool, SMP Server AppPool and Symantec Agent AppPool are in a stop state. Looking at the Application and System Event logs, the following errors were present:

Windows System logs errors:

The IIS Admin Service service terminated with the following service-specific error: 

Invalid Signature
A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

Windows Application logs errors:

The worker process for application pool 'DefaultAppPool' encountered an error 'Failed to decrypt attribute 'password' because the keyset does not exist
' trying to read configuration data from file '\\?\C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config', line number '229'. The data field contains the error code

The worker process for application pool 'Symantec Agent AppPool' encountered an error 'Failed to decrypt attribute 'password' because the keyset does not exist
' trying to read configuration data from file '\\?\C:\inetpub\temp\apppools\Symantec Agent AppPool\Symantec Agent AppPool.config', line number '229'. The data field contains the error code

The worker process for application pool 'SMP Server AppPool' encountered an error 'Failed to decrypt attribute 'password' because the keyset does not exist
' trying to read configuration data from file '\\?\C:\inetpub\temp\apppools\SMP Server AppPool\SMP Server AppPool.config', line number '229'. The data field contains the error code.

If we inspect the mentioned line number (in this example above it is line number '229'), the line looks like this one:

<virtualDirectory path="/pkggroup_ujx3culrnnxtx7hhefhbc565rdl2uymt" physicalPath="\\MyPackagesRepository\Apps$" userName="epm\Administrator" password="[enc:AesProvider:zmGHs+r0Mn2CRm7gWNJl8WzymQbcj0K9CRG1LtyKJVs=:enc]" />

ITMS 8.x

According to the error message, IIS can't decrypt the provided password in that affected line:

password="[enc:AesProvider:zmGHs+r0Mn2CRm7gWNJl8WzymQbcj0K9CRG1LtyKJVs=:enc]"

In this particular example the issue was caused because IIS_IUSRS group didn't have access to the MachineKeys in order to decrypt the password.

This usually means there's a problem using the MachineKeys to decrypt encrypted data in the config. This can be caused by file permissions on the MachineKeys directory.

To resolve,

1. Ensure IIS_IUSRS group has Read/Browse access on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, confirm permissions has propagated to key files correctly.
2. After that, restart IIS (by running iisreset from the command prompt)

175310 "Unable to open Certificate Management page: Unknown error (0x80005000)"

212574 "MachineKeys folder is growing too large"