Logon Session Does Not Exist Error During IIS Certificate Binding - ITMS
search cancel

Logon Session Does Not Exist Error During IIS Certificate Binding - ITMS

book

Article ID: 247778

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

When attempting to add or update a certificate binding in IIS for the Cloud-Enabled Management (CEM) site on a Notification Server, the following error is displayed: "A specified logon session does not exist. It may already have been terminated"

This issue often prevents the generation of CEM agent packages and indicates a problem with the certificate's private key or its location in the Windows Certificate Store:

"Failed to generate package" when generating CEM agent packages

Environment

  • IT Management Suite (ITMS) 8.x
  • Internet Information Services (IIS) 7.5 and higher
  • Windows Server 2012 / 2016 / 2019 / 2022

Cause

This error occurs if the .PFX certificate was originally imported into the current user's store instead of the local computer's store, or if the private key became corrupted during a previous import attempt.

Resolution

To resolve this error, you must re-import the certificate into the correct store and ensure the private key is properly associated.

  1. Open Microsoft Management Console (MMC):

    • Click Start > Run, type mmc, and press Enter.
    • Navigate to File > Add/Remove Snap-in.
    • Select Certificates and click Add.
    • Select Computer account, click Next, and ensure Local computer is selected. Click Finish.

  2. Export the Existing Certificate:

    • Expand Certificates (Local Computer) > Personal > Certificates.
    • Locate the target certificate, right-click it, and select All Tasks > Export.
    • Follow the wizard to export the private key (format: .PFX) and set a password. Save it to the desktop.

  3. Delete and Re-import:

    • Right-click and Delete the original certificate from the MMC.
    • Right-click the Certificates folder under Personal and select All Tasks > Import.
    • Browse to the desktop file. During the import wizard, ensure the box "Mark this key as exportable" is checked.
    • Complete the wizard to place the certificate back into the Personal store.

  4. Update IIS Binding:

    • Open IIS Manager and navigate to the Symantec Agent CEM site.
    • Click Bindings, select the HTTPS binding for port 4726, and click Edit.
    • Select the newly re-imported certificate and click OK.
Powered by Wolken Software