We have a working IDP setup. As noted in the certificate documentation, to avoid the "Keyset does not exist" error, we've given the IIS_IUSRS account read/write access to the MachineKeys folder. For two years this setup worked fine. However, when we moved our site into a hosted (Azure) environment we ran into a problem. We connect to our servers via RDP. Every six months the RDP service needs to renew a self-signed certificate, and apparently adding the permissions for the IIS_IUSRS account prevents it from doing that. When the certificate renewal fails, it locks us out of RDP.
The hosting admins insist that the IIS_IUSRS account cannot have read/write access to the MachineKeys folder. The ComponentSpace certificate documentation specifies that it must. I need to find a solution to this issue. Please advise.