Domain/subdomain creation or SSL certificate upload fails: websrvmng failed: A specified logon session does not exist

Symptoms

• An attempt to create a domain or subdomain on a subscription produces this error:

  Error: WebServerManager::addVhost() failed: websrvmng failed:
  A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
  In Microsoft.Web.Administration module Exception type:
  System.Runtime.InteropServices.COMException
  at Microsoft.Web.Administration.Interop.IAppHostMethodInstance.Execute()
  at Microsoft.Web.Administration.Binding.AddSslCertificate(Byte[] certificateHash, String certificateStoreName)
  at Microsoft.Web.Administration.BindingManager.BindingTransaction.Commit()
  at Microsoft.Web.Administration.BindingManager.Save()
  at Microsoft.Web.Administration.ServerManager.CommitChanges()
  at ServerManagerFactory.commit() at IIS7ServerManager.commit(IIS7ServerManager* )

• The same error may be reported on an attempt to secure a website with an SSL certificate;

• Trying to upload a certificate provided by GoDaddy in Domains > example.com > SSL/TLS Certificates > Add SSL/TLS Certificate using
.p7b
file as CA certificate, the similar error occurs:

  Error: Unable to set the CA certificate: Unable to put certificate file: Unable to update certificate in Web Server:
  websrvmng failed: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
  In Microsoft.Web.Administration module
  Exception type: System.Runtime.InteropServices.COMException
  ..........
  at reconfigureVHosts()(WebServerManager::reconfigureVHosts line 334)
  at execute console command --reconfigure-vhosts(vconsoleapp::start line 122) at execute "C:Program Files (x86)Pleskadminbin64websrvmng" --reconfigure-vhosts "--config=tmp2B47.tmp"(vconsoleapp::run line 139) (Error code 1)

Cause

• The issue may be caused by the wrong SSL certificate being applied to the website, i.e. by the SSL certificate and CA certificate parts being the same, or the old CA certificate may be empty.

• When an SSL certificate is not enabled on a domain in IIS, but SSL is enabled in Plesk.

Resolution

1. Log in to Plesk.

2. Go to Plesk > Domains > example.com > Websites & Domains > Hosting Settings and make sure that SSL is enabled.

3. Connect to the server via RDP.

4. Check that the certificate is assigned to the domain in IIS > Sites > example.com > Bindings...  :

   

5. On the SSL certificate properties screen ( Websites & Domains tab > example.com > SSL/TLS Certificates > Certificate name ), verify that the CA Certificate section does not contain the same content as the certificate section above it.

   If the sections match, remove the CA certificate part from the SSL certificate by clicking the the Remove button in the CA Certificate section.

6. If the issue persists, remove all the outdated certificates from Plesk > Tools & Settings > SSL Certificates. If the certificate affected is domain's one, remove it from Websites & Domains tab > example.com > SSL/TLS Certificates.