MSDeploy automatic encryption of connection strings, key not found in dictionary

Question

Since Web Deploy 3.5 automatic encryption of connection strings is supported using the flag: –EnableRule:EncryptWebConfig. However, upon running it with:

"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:package='C:\[...]\MyApp.WebDeployPackage.zip' -dest:auto,includeAcls="False" -verb:sync -disableLink:AppPoolExtension -disableLink:ContentExtension -disableLink:CertificateExtension -setParamFile:"C:\[...]\MyApp.SetParameters.xml" -EnableRule:EncryptWebConfig  -verbose

I get:

Error Code: ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG
More Information: Failed to encrypt destination web.config: C:\[...]\Web.config.  
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG.
Error: The given key was not present in the dictionary.

The Learn more-link points to dated documentation, and I can't seem to find any info online.

I suspect the tool is using aspnet_regiis behind the scenes, but I'm not sure. Yes, I'm running the above with full Admin-rights.

Answer 1

I had the same problem, but it wasn't due to a nested web.config file. Turns out for some reason my deploy user wasn't able to access the key container (in the Web Deployment Service error logs, the exception thrown was System.Configuration.ConfigurationErrorsException: The RSA key container could not be opened. ).

I ended up using this command: aspnet_regiis -pa "NetFrameworkConfigurationKey" "<MYUSER>" to give <MYUSER> the necessary access.