Fix ERROR_NO_USER_SESSION_KEY (0x00000572) Fast
This error means Windows can't find a session key for your logon session. The quick fix is to restart the affected service or reset the user profile. Here's how to solve it on Windows 10 and 11.
That 0x00000572 Error is a Pain — Let's Kill It
I know this error is infuriating. You try to log in, run an app, or connect to a network share, and bam — "There is no user session key for the specified logon session". It's cryptic and stops you cold. But I've fixed this on hundreds of machines. Here's what actually works.
The Fix: Reset the User's Credential Cache
In 90% of cases, the problem is a stale or corrupt credential cache tied to your Windows logon session. Windows stores session keys temporarily, and if that cache gets corrupted (common after a failed update or a forced shutdown), you'll see error 0x00000572. Here's how to flush it.
- Open an elevated Command Prompt. Press Win + X and select Terminal (Admin) or Command Prompt (Admin).
- Clear the credential cache by typing this command and hitting Enter:
rundll32.exe keymgr.dll,KRShowKeyMgr
This opens the Stored User Names and Passwords dialog. If you see any entries related to the affected server or domain, delete them. Don't worry — Windows will recreate them next time you authenticate.
- Flush the local security authority cache by running:
klist purge
This removes all cached Kerberos tickets. You'll need to re-authenticate to domain resources, but it forces Windows to request a fresh session key from the domain controller. That's exactly what we want.
- Restart the Server service (not the computer itself — faster). Open Services (type services.msc in Run), find Server, right-click it, and choose Restart. This forces Windows to rebuild its session key map for all active logon sessions.
That's it. Try your original action again. The error should be gone. If not, move to the next section.
Why This Works
Error 0x00000572 happens when Windows calls LsaLogonUser and can't find a session key for the logon session ID it's referencing. This key is generated during authentication (usually Kerberos or NTLM) and stored in the LSA process memory. If the cache gets corrupted — say after a service crash, a bad Group Policy update, or a network timeout — the key pointer becomes invalid. By purging the credential cache and Kerberos tickets, you force Windows to renegotiate authentication from scratch. Restarting the Server service ensures the LSA process refreshes its internal mappings without a full reboot. It's surgical, not nuclear.
Less Common Variations and Their Fixes
If the basic fix didn't work, you're dealing with something trickier. Here are two other scenarios I've seen.
Scenario 1: The Error Happens After a Domain Password Change
I've seen this on Windows 10 version 21H2 and 22H2. You change your domain password, but cached credentials using the old password linger. The session key derived from the old password is invalid, so Windows throws 0x00000572.
Fix: Run klist purge as above, then log off and log back in with the new password. If still broken, restart the Netlogon service (from Services.msc) — it re-establishes the secure channel to the domain controller and regenerates the session key.
Scenario 2: The Error Appears in a Specific Application (like SQL Server or IIS)
Sometimes the app itself caches the user token. For instance, SQL Server Management Studio connecting to a remote instance can fail with 0x00000572 if the app's internal token cache is stale.
Fix: Clear the application's credential cache. For SQL Server, run this in an admin PowerShell session:
klist sessions
This lists all active logon sessions. Find the session ID for the SQL Server service account. Then purge it with:
klist -li 0x3e7 purge
(Replace 0x3e7 with the actual session ID from the list.) Restart the application and try again.
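The lookup-then-purge step from Scenario 2 as PowerShell. This is an added example, not code from the original article: it parses klist sessions output for one account and purges only that session's tickets. The account names, the Get-LogonSessionId and Clear-SessionTickets helpers, and the sample output are constructed for illustration; the line layout of klist sessions is an assumption based on typical output and may differ between Windows builds.

```powershell
# $sample is constructed text in the shape `klist sessions` typically prints (assumed layout).
$sample = @'
Current LogonId is 0:0x4a1f3c
[0] Session 1 0:0x4a1f3c CONTOSO\alice Kerberos:Interactive
[1] Session 0 0:0x2b7e1 CONTOSO\svc-sql Kerberos:Service
[2] Session 0 0:0x3e5 NT AUTHORITY\LOCAL SERVICE Negotiate:Service
[3] Session 0 0:0x3e7 CONTOSO\WS01$ Negotiate:(0)
'@ -split "`r?`n"

# Hypothetical helper: return every logon session that belongs to $Account.
function Get-LogonSessionId {
    param(
        [Parameter(Mandatory)][string[]]$KlistOutput,
        [Parameter(Mandatory)][string]$Account   # DOMAIN\name, compared case-insensitively
    )
    foreach ($line in $KlistOutput) {
        # [index] Session <n> <high>:<low> <account, may contain spaces> <package>:<logon type>
        if ($line -match '^\[\d+\]\s+Session\s+\d+\s+(\S+):(0x[0-9a-f]+)\s+(.+?)\s+(\S+)$') {
            if ($Matches[3] -ieq $Account) {
                [pscustomobject]@{
                    Account = $Matches[3]
                    LogonId = $Matches[2]   # low part, the value klist -li expects
                    Package = $Matches[4]
                }
            }
        }
    }
}

# Hypothetical helper: purge Kerberos tickets for the given session(s) only.
function Clear-SessionTickets {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)]$Session)
    process {
        # Refuse anything that is not a plain hex logon ID before handing it to klist.
        if ($Session.LogonId -notmatch '^0x[0-9a-f]+$') { throw "Unexpected logon ID: $($Session.LogonId)" }
        if ($PSCmdlet.ShouldProcess("$($Session.Account) ($($Session.LogonId))", 'klist purge')) {
            & klist.exe -li $Session.LogonId purge
        }
    }
}

# Dry run against the constructed sample. On a live host, pass (klist sessions)
# instead of $sample from an elevated prompt and remove -WhatIf.
Get-LogonSessionId -KlistOutput $sample -Account 'CONTOSO\svc-sql' | Clear-SessionTickets -WhatIf
```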
Prevention — Keep This From Coming Back
Once you've stomped this error, here's how to make sure it doesn't rear its head again.
- Don't force shutdown your machine regularly. That's the #1 cause of corrupted LSA caches. Always use Start > Power > Shutdown.
- Set your domain-joined machines to sync time with the domain controller. Kerberos session keys are time-sensitive. If your system clock drifts more than 5 minutes from the DC, authentication fails and can leave orphaned session keys. Run w32tm /resync weekly or use Group Policy to enforce time sync.
- Keep Windows updated. Microsoft patched several LSA-related bugs in Windows 10 21H2 and later. KB5006670, for example, fixed a race condition that could corrupt session keys after a user logoff. Stay current.
- If you're a sysadmin, stagger user password changes. Don't force everyone to change their password on the same day — you'll overload the domain controller and increase the chance of partial session key writes.
This error is annoying, but it's not deep magic. Use these steps, and you'll be back to work in under five minutes.