Failed to encrypt the section "appSettings" using provider "MyProvider". Error message from the provider: Object already exists

Question

This question has been asked many times but the accepted answers do not apply in this situation. This is not a duplicate.

From a command prompt on the server, opened as Administrator, I run the aspnet_regiis command to encrypt the appSettings section of my web.config using a custom provider. Success! It works. I examine the web.config in a text editor and the section is indeed encrypted. When I access a setting in that section, it is decrypted transparently. Perfect.

I want to add another value to the section, and do so on my development PC, copying the new plain-text web.config file up to the server, overwriting the old copy. Then I repeat the command:

aspnet_regiis -pef "appSettings" "c:\inetpub\wwwroot\foo" -prov "MyCustomEncryptionProvider" 

and this is when the error occurs.

Which object already exists? What is the error message referring to? Did overwriting the old file cause this error? If so, how do I fix it? I've tried decrypting the plain-text version of file that I'd copied up to the server (I get a success! message when I do so) and then re-encrypting, but the "object already exists" error persists.

Answer 1

Found the answer. Between the time of the first successful encryption and the second failed one, my domain identity was removed from a security group with ACL Read permissions on the MachineKeys folder:

\server1\c$\ProgramData\Microsoft\Crypto\RSA\MachineKeys

My domain identity was added back into that group and everything is working again.