Fix "A specified logon session does not exist" while using IIS to bind an SSL certificate

Question

I am using IIS 10 on Windows Server 2016, I have imported an SSL certificate in the "Personal" store of the Server; while using IIS Manager trying to bind the default website to the certificate from the "Personal" store, I got the error  in a message box entitled  "Edit site binding " and containing the message: " There was an error while performing this operation. Details: A specified logon session does not exist. It may already have been terminated. Exception from HRESULT:  0x80070525" I mention also that after ending the session and restarting a new session, and then retrying the binding, I got "Exception from HRESULT:  0x80070520" instead of "0x80070525" Please advise, Thanks

Answer 1

I don't know if this fits. Anyways, it happened to me too while I was binding a newly installed certificate to a IIS 10 site (I imported it in the "Web Hosting" folder, instead of "Personal"). The problem was the PFX file. I originally had the certificate in .crt format (for Apache), and converted it to PFX on a Linux box with openssl. I found out that the modern encryption algorithms were the problem.

This DID NOT work:

#openssl pkcs12 -export -certpbe AES-256-CBC -keypbe AES-256-CBC -out certificate.pfx -inkey certificate.key -in certificate.crt -certfile CACertificate.crt

This DID work:

#openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -out certificate.pfx -inkey certificate.key -in certificate.crt -certfile CACertificate.crt

So, PBE-SHA1-3DES instead of AES-256-CBC. Also, the "-nomac" option is mandatory, as the PFX password would not be recognized later when importing the certificate to the Local computer Certificates (with error "The password you enterd is incorrect").

Maybe tweaking the cyphers, etc. in the Windows Registry helps to fix this too, I didn't try.