ERROR_BAD_LOGON_SESSION_STATE (0X00000555) Fix
This error means Windows sees your login session as broken. The fix is clearing cached credentials and restarting the Credential Manager service.
You're trying to access a network share, run a scheduled task, or switch users — and Windows throws back 0x00000555. It's cryptic, but the cause is straightforward: your logon session got into a weird state, and Windows refuses to honor it for that operation. This usually happens after a password change, a domain disconnect, or a hung RDP session.
The Fix: Clear Cached Credentials & Restart the Service
- Open Credential Manager — hit Win + R, type
control keymgr.dll, press Enter. - Go to Windows Credentials (not Web Credentials). Look for any entries tied to the target machine, domain, or user account that's failing. Delete them. I've seen entries named
TERMSRV/server-nameorMicrosoftAccount:user@domain.comcause this. - Open an elevated Command Prompt (right-click Start, select Terminal (Admin)). Run these two commands:
net stop CredentialManager /y
net start CredentialManagerThe /y flag forces the stop — without it, Windows might refuse if another service depends on it. After restarting, try your original operation again.
If that doesn't cut it, reboot. I know, it's the cliché answer, but here it genuinely resets the logon session state. The reboot clears the LSASS (Local Security Authority Subsystem Service) cache, which is where the corrupt session lives.
Why This Works
What's actually happening here is that Windows uses the Credential Manager service as a broker between your logon session and network resources. When you change a password or a domain trust relationship shifts, the cached credentials in Credential Manager become a snapshot of the old state. The LSASS process holds onto that session handle, and the next time an app tries to use it — say, runas or a mapped drive — the security subsystem checks the session state against the current credentials. They don't match, so you get ERROR_BAD_LOGON_SESSION_STATE.
Clearing those credentials removes the stale reference. Restarting the service forces LSASS to reinitialize its session table. The reason step 3 works is that stopping the service terminates any lingering sessions, and starting it rebuilds them fresh from scratch. No reboot needed — but a reboot does the same thing plus clears any residual kernel-mode state.
Less Common Variations
Kerberos Ticket Expiration
If you're on a domain and the error pops up when accessing a file server, you might have an expired Kerberos ticket. Run this in an elevated command prompt to refresh it:
klist purge
klist get krbtgt/YOURDOMAIN.COMReplace YOURDOMAIN.COM with your actual domain. I've seen this on Windows 10 22H2 after a day-long RDP session where the ticket timed out but the session didn't die.
Third-Party VPN Interference
Cisco AnyConnect and Pulse Secure (now Ivanti) are notorious for creating split-tunnel logon sessions that collide with Windows' native credential provider. Disconnect the VPN, run the service restart above, reconnect. If the error goes away, add a registry key to force the VPN to use the system credential session rather than creating a parallel one. That's an advanced fix — search for LocalSystemTunnel in your VPN vendor's docs.
Corrupt User Profile
In rare cases, the user profile itself is busted. Check Event Viewer under Windows Logs > Security for event ID 4625 with status 0x555. If you see that repeatedly for the same user, create a new profile: rename C:\Users\<username> to .old, log out, log back in. Windows builds a fresh profile.
Prevention
This error is almost always triggered by a mismatch between what Windows thinks your session is and what it actually is. To avoid it:
- Always log off properly before closing a laptop lid or disconnecting RDP. Don't just close the window — use Start > Log off.
- After changing your domain password, reboot within the same session. Don't leave it hanging for hours.
- If you use runas frequently, add the
/netonlyflag — that forces Windows to create a separate network logon session instead of reusing the current one. - Keep Credential Manager clean. Every few months, delete stale entries — especially old RDP passwords and SharePoint credentials. They accumulate quietly and cause trouble later.
None of this is rocket science, but Windows hides these internals well. Once you know the session state is what's wrong, the fix clicks into place.
Was this solution helpful?