"aspnet_regiis -pa" doesn't work

I use Protected Configuration to store sensitive data encrypted in the Web.config file of our asp.net application.
I have followed the steps in Walkthrough: Creating and Exporting an RSA Key Container to generate and export a private key.
I have followed the steps in Walkthrough: Encrypting Configuration Information Using Protected Configuration to encrypt a section of the Web.config file using that key.

My problem is that I am unable to use that key on the test environment, due to strange behaviour from the aspnet_regiis command.

I have been able to get the thing to work on a colleague's computer that runs Windows 8. Both the aspnet_regiis -pi command (importing the private key) and the aspnet_regiis -pa (granting access to the private key) worked without problems there.

On the test environment that runs Windows 7, I have been able to successfully import the private key into the key container using aspnet_regiis -pi <KeyContainer> <KeyFile>.
But when I try aspnet_regiis -pa <KeyContainer> <account-name>, the command just lists it's command line options. It does not indicate failure or success.

All these environments use .Net Framework v4.

I have looked at this question, but the difference is that I was able to execute aspnet_regiis -pi <KeyContainer> <KeyFile>. Nor did it make a difference to execute aspnet_regiis -lk as is suggested there.

The question is: how can I grant the application access to the contents of the Key Container, so that it can decrypt the Web.config? Why is aspnet_regiis acting as if the "-pa" option does not exist, rather than giving me a "Success" or "Failed" message?