IIS 7 Error “A specified logon session does not exist. It may already have been terminated.” when using https

核能气质少年 提交于 2019-12-02 17:50:28

I ran across this same issue, but fixed it a different way. I believe the account I was using changed from the time I initially attempted to set up the certificate to the time where I returned to finish the work, thus creating the issue. What the issue is, I don't know, but I suspect it has to do with some sort of hash from the current user and that is inconsistent in some scenarios as the user is modified or recreated, etc.

To fix it, I ripped out of both IIS and the Certificates snap-in (for Current User and Local Computer) all references of the certificate in question:

Next, I imported the *.pfx file into the certs snap-in in MMC, placing it in the Local Computer\Personal node:

  1. Right-click the Certificates node under Personal (under Local Computer as the root)
  2. All Tasks -> Import
  3. Go through the Wizard to import your *.pfx

From that point, I was able to return to IIS and find it in the Server Certificates. Finally, I went to my site, edited the bindings and selected the correct certificate. It worked because the user was consistent throughout the process.

To the point mentioned in another answer, you shouldn't have to resort to marking it as exportable as that's a major security issue. You're effectively allowing anyone who can get to the box with a similar set of permissions to take your cert with them and import it anywhere else. Obviously that's not optimal.

Roman Starkov

Security warning: what the checkbox really means is that the certificate can be read by users that shouldn't be able to read it. Such as the user running the IIS worker process. In production use the other answer instead.

Happened to me too, and was fixed by ensuring that "Allow this certificate to be exported" is checked when you import it:

                                           

(thanks to this post!)

This must be some kind of IIS bug, but I found the solution.

1- Export MyPersonalCA.pfx from IIS.

2- Convert it to .pem:

openssl pkcs12 -in MyPersonalCA.pfx -out MyPersonalCA.pem -nodes

3- Convert it back to .pfx:

openssl pkcs12 -export -in MyPersonalCA.pem -inkey MyPersonalCA.pem -out MyPersonalCA.pfx

4- Import it back to IIS.

Nobody probably cares about this anymore, but I just faced this issue with my IIS 7 website binding. The way I fixed it was going to the Certificate Authority and finding the certificate issued to the server with the issue. I verified the user account that requested the certificate. I Then logged into the IIS server using RDP with that account. I was able to rebind the https protocol using that account only. No exports, reissuing, or extension changing hacks were needed.

In our case this problem occurred because we have installed the certificate in a Virtual Machine and made an image of it for further use.

When creating another VM from the image previously created the certificate sends the message.

To avoid this be sure to install the certificate on every new VM installed.

We had the same issue due to incorrectly importing the certificate into the Current User Personal certificate store. Removing it from the Current User Personal store and importing it into the Local Machine Personal certificate store solved the problem.

I got this error due to wrong openssl command-line during export PKCS #12 certificate. -certfile key was wrong. I exported certificate again and it was imported successfully.

I had the same issue. Solved by removing the certificate from de personal store (somebody put in it) and from the webhosting. All done through the IIS manager. Then I added again to the webhosting store (with everything checked) and I can use HTTPS again...

In my case it was because the World Wide Publishing Service user didn't have permissions to the certificate. After installing the certificate, access the certificates module in MMC and right-click the certificate with the issue. Select "Manage Private Keys..." from the "All Tasks" menu and add the above user. This was SYSTEM user in my case.

According to the MSDN blog post, this can happen when the current user account doesn't have permission to access the private key file which is under the folder "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys". Apparently this can be resolved by granting the user account / user group Full Access permission to the above folder.

I've come across the same issue, and was able to resolve it by simply re-importing the .pfx file with the Allow this certificate ti be exported checkbox selected.

However, this method imposes a security risk - as any user who has access to your IIS server will be able to export your certificate with the private key.

In my case, only I have access to my IIS server - therefore it was not a huge risk.

I managed to fix this problem by importing the SSL certificate PFX file using Windows Certificate Manager.

http://windows.microsoft.com/en-us/windows-vista/view-or-manage-your-certificates

I just had this issue today and feel compelled to post my solution in the hope that you will lose less hair than I've just done.

After trying the solutions above, we had to re-issue the SSL certificate from the SSL provider (RapidSSL issuing as a reseller for GeoTrust).

There was no cost with this process, just the five minute wait while the confirmation emails (admin@) arrived, and we gained access again.

Once we had the response, we used IIS > Server Certificates to install it. We did not need the MMC snap-in.

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO5757

We kept a remote desktop window to the server open throughout, to avoid any issues with differing login accounts/sessions, etc. I do believe it is an IIS bug as another expert believes, as we only have one RDC account. What is most infuriating is that the very same certificate has been working perfectly for two months before suddenly "breaking".

Instead of importing the cert from IIS, do it from MMC. Then goto IIS for binding.

In my case I imported a newer version of a certificate (PFX for IIS) from StartSSL just recently and forgot to remove the old one, which somehow caused this error (now two certs sort of the same). I removed both of them, imported the proper one, and now it works.

I was getting a this error when trying to bind localhost pfx cert for my development machine. Before i tried any of this above, tried something simpler first.

  1. Closed any localhost dev site i had openned.
  2. Stopped my IIS server and closed the manager
  3. run the manager as Admin
  4. Added all my https bindings, no errors or issues this time.
  5. restarted iis

Everything seems to work after that.

Try :

  1. Go into IIS and delete "VSTS Dev Router" web site and "VSTS Dev Router Pool" application pool.
  2. Run “certlm.msc” and open Personal/Certificates
  3. Delete any cert named “*.vsts.me” and "vsts.me"
  4. Re-deploy
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!