hotfixHere’s another good KB article we published today.  If you’re seeing error 0x80070520 when trying to deploy the OpsMgr agent then this one is for you:

=====

Summary

Deploying agents from the Operations Manager Shell using the Install-Agent cmdlet results in error 0x80070520 (ERROR_NO_SUCH_LOGON_SESSION), with the description “A specified logon session does not exist. It may already have been terminated.” Event ID 10612 in the Operations Manager event log is also logged:

Event Type: Error
Event Source: Health Service Modules
Event Category: None
Event ID: 10612
Description:
The Operations Manager Server failed to perform specified operation on computer MANAGEMENTSERVER.FQDN.
Operation: Agent Install
Install account: DOMAIN\ACCOUNT
Error Code: 80070520
Error Description: A specified logon session does not exist. It may already have been terminated.

The error is returned when an attempt is made to store the credentials used to deploy the agent in a context that is not permitted. This can be a result of a policy setting, or the inability to store the credentials under the Local System account.

To check if it is policy related, on the Management Server specified when calling the Install-Agent cmdlet, open Local Security Policy from Administrative Tools. Navigate to Local Polices->Security Options. For Windows Server 2003 locate the policy “Network access: Do not allow storage of credentials or .NET Passports for network authentication”, or for Windows Server 2008 locate the policy “Network access: Do not allow storage of passwords and credentials for network authentication”. Ensure this policy is disabled.

This policy controls the following registry value:
KEY: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
VALUE: disabledomaincreds
SETTING: 0 – disabled, 1 – enabled

The other possibility is that the credentials are attempting to be stored under the Local System account which is not possible. Check the Default Action Account profile for the Management Server specified when calling the Install-Agent cmdlet. If the Management Server’s Default Action Account is set to Local System, change it to a domain account with the appropriate permissions. This also applies to Gateway Servers being used to deploy agents as well.

More Information

Network access: Do not allow storage of credentials or .NET Passports for network authentication
http://technet.microsoft.com/en-us/library/cc779377(WS.10).aspx

Account Information for Operations Manager 2007
http://technet.microsoft.com/en-us/library/bb735419.aspx

=====

For the most current version of this article please see the following:

2627700: Deploying System Center Operations Manager 2007 agents using the Install-Agent cmdlet fails with error 80070520

J.C. Hornbeck | System Center Knowledge Engineer

App-V Team blog: http://blogs.technet.com/appv/
AVIcode Team blog: http://blogs.technet.com/b/avicode
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
OOB Support Team blog: http://blogs.technet.com/oob/
Opalis Team blog: http://blogs.technet.com/opalis
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
OpsMgr Support Team blog: http://blogs.technet.com/operationsmgr/
SCMDM Support Team blog: http://blogs.technet.com/mdm/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

clip_image001 clip_image002