Tuesday, November 29, 2011

A specified logon session does not exist. It may already have been terminated.

Issue:
On a Windows 2008 R2 or Windows 7 machine, you open Task Scheduler. You create a new task and the following conditions are used in the task.
  • The account used to run the task is another service account (i.e. author or the user who is trying to save the task) is different from the user who will be running the task
  • Option of “Run whether user is logged on or not” is selected.
  • Option of “Do not store password. The task will only have access to local computer resources.” is not selected.
When you try to save the task with the above general settings, we receive error.

Error Message:
An error has occurred for task <TaskName>. Error message: The following error was reported: A specified logon session does not exist. It may already have been terminated.

Cause:
This occurs because the local security policy has the following setting:
Network access: Do not allow storage of passwords and credentials for network authentication - Enabled.

Resolution:
To verify whether the security policy is causing the issue. Log on to the machine where you are facing the problem.
  • Start -> Administrative Tools -> Local Security Policy
  • Security Settings -> Local Policies -> Security Options
  • Network access: Do not allow storage of passwords and credentials for network authentication setting should be Enabled.
Just FYI, the corresponding registry key for this setting can be found here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Key Name: disabledomaincreds
Current Key Value: 1
The value of “1” means that the policy is enabled. It must be “0”.

NOTE: If you change the registry value to “0”, you should be able to save the task. Do not make registry changes unless you are absolutely sure. Only use it for checking it this resolves the issue or not on a test machine. Actual resolution is to update the group policy and disable the security policy mentioned above. It will take care of this registry.
Disable the policy from domain controller and run a group policy update.

No comments:

Post a Comment

You might find these articles useful