U-Tools: Unique Tools for Windows System Administrators
U-Move Help

Must Copy Internet Information Services

The Internet Information Services (IIS) security database must be copied in order for IIS to run correctly.

Internet Information Services (IIS) provides web services on Windows. A key part of IIS is its security database, sometimes called the “metabase”. The security database contains a list of security settings for IIS.

Some parts of the security database are encrypted. The encryption key is tied to Active Directory. The IIS metabase must have a matching encryption key. If the encryption key does not match, the IISAdmin service will fail to start and will report the error message “Access Denied”. Therefore whenever you clone AD (and you intend to run IIS on the destination computer) you must always copy the IIS metabase.

How To Fix This Error

The only time you can skip moving the IIS security database is when the encryption key is unchanged. (For example, when restoring AD on the same computer or when moving AD to the destination computer a second time.)

The procedure to fix this error depends on whether or not the source computer had IIS installed. (See below.)

Procedure 1: The source computer did not have IIS installed

If the source computer did not have IIS installed, there is no encryption key to copy. In this case you must uninstall IIS from the destination computer. (You can re-install it later.) Use the following procedure.

To uninstall IIS on Windows Server 2012-2019:

  1. Start Server Manager and select the domain controller.
  2. Select Manage -> Remove Roles and Features.
  3. Uncheck the box next to Web Server (IIS) and click Next.
  4. Click Remove to uninstall IIS.

To uninstall IIS on Windows Server 2008 R2:

  1. Click on Start -> Control Panel -> System and Security -> Administrative Tools -> Server Manager.
  2. Right-click on Roles -> Remove Roles.
  3. Uncheck the box next to Web Server (IIS) and click Next.
  4. Click Remove to uninstall IIS.