How to fix the Win32 API function error: 1312 (GetTokenInformation) occurring for the below code used for creating a windows application.

Prem Jha 45 Reputation points
2024-09-10T04:38:49.8933333+00:00

I have used the below code and it is working fine for most of the cases but for one windows machine it is failing at the section where we call 'GetTokenInformation' win32 API function and throws an error as ERROR: API = GetTokenInformation, error code = 1312, message = A specified logon session does not exist. It may already have been terminated.)
What could have gone wrong and how can we resolve this. Please help. Thanks!

// Logging on as the passed ssh user (not logged in user) which is non-Administrator
        if (!LogonUser(username.c_str(), domain.c_str(), password.c_str(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken)) {
                DisplayError(L"LogonUser");
                goto Cleanup;
        }

        tokenUsed = hToken;
        
        // If the ssh user (not logged in user) is non-Administrator, we need linked token
        if (!adminUser)
        {
                if (!GetTokenInformation(hToken, TokenLinkedToken, &linkedToken, sizeof(TOKEN_LINKED_TOKEN), &returnLength))
                {
                        DisplayError(L"GetTokenInformation");
                        goto Cleanup;
                }

                // Duplicate the token to ensure valid usage
                if (!DuplicateTokenEx(linkedToken.LinkedToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hDupToken)) {
                        DisplayError(L"DuplicateTokenEx");
                        goto Cleanup;
                }

                tokenUsed = hDupToken;  // Use the duplicated token
        }

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,621 questions
{count} votes

Accepted answer
  1. RLWA32 45,571 Reputation points
    2024-09-10T06:42:49.3633333+00:00

    Ordinarily, a standard account (i.e., non-Administrator) will not have a linked token when UAC is enabled. Only accounts that are members of the Administrators group will have one when logged on with the usual Windows API functions such as LogonUser.

    // If the ssh user (not logged in user) is non-Administrator, we need linked token

    The posted code seems to be looking for a linked token for non-Administrator accounts which doesn't make sense to me.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Prem Jha 45 Reputation points
    2024-09-12T09:35:50.0333333+00:00

    @RLWA32 I used the control panel to create the new user and then used the interactive logon method just before GetTokenInformation which is as below. LogonUser(username.c_str(), domain.c_str(), password.c_str(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hToken) So, in our case the user created is not created by an S4Ulogon and thus it must fall under the 'Token Elevation type is TokenElevationTypeFull'..


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.