Got Error 0x80070520 When Binding Certificate to Web Site on IIS 7


One of my customers had a problem when using one certificate on IIS 7. This certificate once been used on IIS 6 and it works fine. This means there is no problem with the certificate itself.


Here are the steps. Open the IIS MMC, open the Site Bindings, and then add a HTTPS binding. Select this certificate from the certificates drop down list, and click OK. Then, got follow error:


A specified logon session does not exist. It may already have been terminated.

(Exception from HRESULT: 0x80070520)


There was no problem using other certificates in the drop down list. Using CertUtil command to verify the certificate, we got error s like the Encryption test failed for the certificate imported.


The problem is due to Administrators group doesn’t have permission to access the private key file which is under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys". By default, administrators group and system account have full control for this folder. This was resolved by giving administrators group full control to this folder.



278381  Default permissions for the MachineKeys folders;EN-US;278381



Wei Zhao

Comments (7)

  1. mandm says:

    I just ran accross this issue with ii7. changing out a cert. your suggesting worked! thanks

  2. vavr says:

    thanks man 🙂 it worked for me too

  3. Rose Bush says:

    I saw this in the case of a machine that had been cloned and then sysprep'ed.  If anyone else hits the same parts of issue, the following articles helped me out:

    Caution while xcopying IIS 7.0 config files:…/caution-while-xcopying-iis-7-0-config-files.aspx

    IIS issues after deploying a template:…/406308

  4. Walid says:

    Solution for me was to delete the ssl cert and re-import it, marking it as re-exportable during the import wizard. Try this before changing permissions on the MachineKeys folder.

  5. Phat Vo says:

    You saved my life 🙂

    I spent 1 day to fix this

  6. dvtov says:

    Making the SSL Cert exportable resolved it for me when I ran into this problem.

  7. Mariano says:

    Same issue for me on IIS 7.5 while renewing a certificate, but I retried later and it disappeared by itself… the only actions I performed was: re-import the old certificate, update bindings to the old certificate, restart IIS site.
    After that I re-tried to change bindings to the new certificate and no error appeared.

Skip to main content