Today I ran into IIS 7.5 SSL certificate binding error 0x80070520 after running sysprep to create a new bundled EC2 AMI. First I launched a Windows 2008 R2 instance from an official Amazon AMI, installed IIS and imported our wildcard SSL certificate to be used on future websites. I then launched the EC2Config service and ran sysprep, created a new AMI (image) of this instance, and launched a new instance based on this AMI. In IIS Manager, I tried to edit the https binding of a site and got the error:
A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
This actually has nothing to do with Amazon and is caused by sysprep changing the machine SID, which I believe affects the private key of the certificate, rendering it invalid. You'll need to remove the certificate and re-import it.
Here is a little bit of information about the duplicate SID myth from Mark Russinovich (the guy who wrote all the Sysinternals software):
"The more I thought about it, the more I became convinced that machine SID duplication – having multiple computers with the same machine SID – doesn’t pose any problem, security or otherwise. I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue. At that point the decision to retire NewSID became obvious."
A workaround for this issue is to not import the certificate prior to sysprepping, and instead use this PowerShell script upon first boot to import the certificate.
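An added example of such a first-boot import (not the script the author refers to), written for PowerShell 2.0 on Windows 2008 R2 using the .NET certificate classes. The PFX path, the `PFX_PASSWORD` environment variable and the function name are assumptions made for illustration.

```powershell
# Added example: import a PFX into the LocalMachine\My store at first boot,
# after sysprep has finished, so the private key is created on the new instance.
param(
    [string]$PfxPath     = 'C:\certs\wildcard.pfx',  # hypothetical location
    [string]$PfxPassword = $env:PFX_PASSWORD          # hypothetical: supplied at launch, not stored in the AMI
)

$ErrorActionPreference = 'Stop'

function Import-MachinePfx {
    param([string]$Path, [string]$Password)

    if (-not (Test-Path $Path)) { throw "PFX not found: $Path" }

    # MachineKeySet: store the key in the machine key container so IIS can use it.
    # PersistKeySet: keep the key on disk after this process exits.
    # Exportable is deliberately not set, so the key cannot be exported again.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $Path, $Password, $flags

    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) was loaded without a private key"
    }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
                -ArgumentList 'My', 'LocalMachine'
    $store.Open('ReadWrite')
    try {
        # Drop any stale copy with the same thumbprint before adding the new one.
        $existing = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
        foreach ($old in $existing) { $store.Remove($old) }
        $store.Add($cert)
    }
    finally {
        $store.Close()
    }
    return $cert.Thumbprint
}

$thumbprint = Import-MachinePfx -Path $PfxPath -Password $PfxPassword
Write-Output "Imported certificate $thumbprint into LocalMachine\My"

# Remove the PFX once the key is in the machine store.
Remove-Item -Path $PfxPath -Force
```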