Got Error 0x80070520 When Binding Certificate to Web Site on IIS 7

 

One of my customers had a problem when using one certificate on IIS 7. This certificate once been used on IIS 6 and it works fine. This means there is no problem with the certificate itself.

Here are the steps. Open the IIS MMC, open the Site Bindings, and then add a HTTPS binding. Select this certificate from the certificates drop down list, and click OK. Then, got follow error:

A specified logon session does not exist. It may already have been terminated.

(Exception from HRESULT: 0x80070520)

There was no problem using other certificates in the drop down list. Using CertUtil command to verify the certificate, we got error s like the Encryption test failed for the certificate imported.

The problem is due to Administrators group doesn’t have permission to access the private key file which is under "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys". By default, administrators group and system account have full control for this folder. This was resolved by giving administrators group full control to this folder.

Reference:

278381 Default permissions for the MachineKeys folders

https://support.microsoft.com/default.aspx?scid=kb;EN-US;278381

 

Regards,

Wei Zhao