How to fix IIS Server Error - "A specified logon session does not exist"

Recently ran into an issue with one of my clients where they were trying to access their reporting site online, but it refused to connect over SSL because of what was then an unknown issue. Essentially, I couldn't access an HTTPS site, and it turned out that I also couldn't bind my existing SSL Certificate to it either! This guide will show you how to fix IIS server error "A specified logon session does not exist." 

Here’s the error I received when accessing via Chrome:

This page can't be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://server.domain again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

I hopped on the server and being the security company that we are, certain ciphers and protocols are disabled because they need to be. TLS1.2, however, WAS enabled!

Rebooted the server to reset IIS in full, as well as any processes that were running—this had no effect. Naturally, the next step was to check event logs, which gave me the following:

Error (SCHANNEL) ID 36870

A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.

and

Error (HttpEvent) ID 15021

An error occurred while using SSL configuration for endpoint 0.0.0.0:443.  The error status code is contained within the returned data.

This led me to take a look at the bindings of my website in IIS. Here’s what I did to get the determination of a possible certificate error:

Step 1: Open IIS

Step 2: Right Click affected website and select “Edit Bindings”

Step 3: “Edit” binding for 443

Step 4: Change SSL Cert to IIS Dev Cert and Apply

Step 5: Re-Apply your cert and get the following:

A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

Well then, that’s an interesting error. I determined this was likely an SSL Cert problem, and from what I read it could be confused as to who the “owner” of the certificate is - usually happens if you added the cert as a local admin or another user instead of the account you’re on.

Here’s how to fix:

Open up certificates in MMC

Step 1: Open up a Run window and type “mmc”

Step 2: Click File > Add/Remove Snap-In

Step 3: Add > Certificates, Click OK

Step 4: Choose “Computer Account,” then “Local Computer,” and proceed.

Step 5: Hit OK

Export Certificate in MMC

Step 1: Open “Certificates”

Step 2: Open the folder where your certificate is stored.

Step 3: Right Click on Certificate, All Tasks, Export

Step 4: Export to the server Desktop

Now you should be able to re-import your certificate into IIS (or just into MMC) without issue. Restart IIS, and  Note: You may have to reimport as “Complete certificate renewal,” depending on your certificate.

If that didn’t work - I came across this issue at another client and found that it was because I had deleted the PREVIOUS certificate that had expired. Somehow the two were tied together, and as soon as I reimported the old certificate … everything was working again!

Did this fix work for you? Yes/No? Did you find another way to make it work?