Here’s another good KB article we published today. If you’re seeing error 0x80070520 when trying to deploy the OpsMgr agent then this one is for you:
Deploying agents from the Operations Manager Shell using the Install-Agent cmdlet results in error 0x80070520 (ERROR_NO_SUCH_LOGON_SESSION), with the description “A specified logon session does not exist. It may already have been terminated.” Event ID 10612 in the Operations Manager event log is also logged:
Event Type: Error Event Source: Health Service Modules Event Category: None Event ID: 10612 Description: The Operations Manager Server failed to perform specified operation on computer MANAGEMENTSERVER.FQDN. Operation: Agent Install Install account: DOMAIN\ACCOUNT Error Code: 80070520 Error Description: A specified logon session does not exist. It may already have been terminated.
The error is returned when an attempt is made to store the credentials used to deploy the agent in a context that is not permitted. This can be a result of a policy setting, or the inability to store the credentials under the Local System account.
To check if it is policy related, on the Management Server specified when calling the Install-Agent cmdlet, open Local Security Policy from Administrative Tools. Navigate to Local Polices->Security Options. For Windows Server 2003 locate the policy “Network access: Do not allow storage of credentials or .NET Passports for network authentication”, or for Windows Server 2008 locate the policy “Network access: Do not allow storage of passwords and credentials for network authentication”. Ensure this policy is disabled.
This policy controls the following registry value: KEY: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa VALUE: disabledomaincreds SETTING: 0 – disabled, 1 – enabled
The other possibility is that the credentials are attempting to be stored under the Local System account which is not possible. Check the Default Action Account profile for the Management Server specified when calling the Install-Agent cmdlet. If the Management Server’s Default Action Account is set to Local System, change it to a domain account with the appropriate permissions. This also applies to Gateway Servers being used to deploy agents as well.
Network access: Do not allow storage of credentials or .NET Passports for network authentication http://technet.microsoft.com/en-us/library/cc779377(WS.10).aspx
Account Information for Operations Manager 2007 http://technet.microsoft.com/en-us/library/bb735419.aspx
For the most current version of this article please see the following:
2627700: Deploying System Center Operations Manager 2007 agents using the Install-Agent cmdlet fails with error 80070520
J.C. Hornbeck | System Center Knowledge Engineer
App-V Team blog: http://blogs.technet.com/appv/ AVIcode Team blog: http://blogs.technet.com/b/avicode ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/ DPM Team blog: http://blogs.technet.com/dpm/ MED-V Team blog: http://blogs.technet.com/medv/ OOB Support Team blog: http://blogs.technet.com/oob/ Opalis Team blog: http://blogs.technet.com/opalis Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ OpsMgr Support Team blog: http://blogs.technet.com/operationsmgr/ SCMDM Support Team blog: http://blogs.technet.com/mdm/ SCVMM Team blog: http://blogs.technet.com/scvmm Server App-V Team blog: http://blogs.technet.com/b/serverappv Service Manager Team blog: http://blogs.technet.com/b/servicemanager System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials WSUS Support Team blog: http://blogs.technet.com/sus/