Can I use Windows Credential with a service account ?

I realized some unsuccessful tests and I don't find if I really can use Windows Credential (generic credentials) to store credentials from a service account (domain account).

I must store and retrieve credentials from an Intranet application hosted in IIS. The pool of this application runs under a service account (special domain account). I logged to my server one time with this account to create a Windows profile (I think it's necessary).

When I want to store a credential (CredWrite api), I get the error :

Failed to write credential: A specified logon session does not exist. It may already have been terminated.

So is it possible to use the Windows Credential mechanism in this context ? If yes, how can I get the desired results ? If not, what is the best solution to handle my needs (store and retrieve) ?

Environment : Windows Server 2008 R2 Enterprise

The group policy setting Network access: Do not allow storage of password and credentials for network authentication is disabled.

Thanks for help.




May 16th, 2015 8:12am

Hi,

Please disable this group policy setting Network access: Do not allow storage of password and credentials for network authentication to see whether it works, which is under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

More information for you:

Error message when you try to automatically deploy agents in MOM 2005: "A specified logon session does not exist. It may have already been terminated"

https://support.microsoft.com/en-us/kb/912998?wa=wsignin1.0

Best Regards,

Amy

Free Windows Admin Tool Kit Click here and download it now
May 18th, 2015 2:55am

Hi Amy,

Thank you for your answer, but I checked this option few days ago and it is disabled. I'm going to add this fact to my first message as it is the first thing to check (found immediately when we google the error message).

Best regards,

Philippe

May 18th, 2015 6:45am
Pool account needs to gain access to its user profile.
So we need to connect one time to a Windows Session to create user profile (I think it's necessary). Next in the Advanced Settings of the dedicated Application Pool, set "Load User Profile" = true.
  • Marked as answer by Explorer_69 17 hours 5 minutes ago
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2015 10:42am

Hi,

Thank you very much for sharing the solution with us!

Please feel free to let us know if there are any further requirements.

Best Regards,

Amy

May 22nd, 2015 3:30am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics