View Issue Details

ID: 0003592
Project: Compliance Test Tool (CTT) Unified Architecture
Category: Implementation Bug
View Status: public
Last Update: 2020-04-14 15:41
Reporter: BjarneBostrom
Assigned To: Jouni Aro
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: fixed
Summary: 0003592: CTT Session Base Err-001.js CloseSession, should accept also Good StatusCode
Description

Product version: 1.2.336.273

Session Base Err-001.js test line 26 has the following code:
CloseSessionHelper.Execute( { Session: session2, ServiceResult: new ExpectedAndAcceptedResults( StatusCode.BadSessionNotActivated, StatusCode.BadSessionIdInvalid ) } );

The test should also accept the Good StatusCode because:

  1. The specification v 1.03 Part 4 section 5.6.2.3 Service Results (for CreateSession): "Bad_NonceInvalid ... A check for duplicated nonces is optional and requires access to the nonce used to create the secure channel." This means that if the session is created successfully, it is a normal session.

  2. The test comment "... Expect error Bad_NonceInvalid for the 2nd session, or Good (if server doesn't monitor nonces). "

If the session is created successfully, we should always be able to call CloseSession and have it pass, except when a malicious client tries to do that on another channel:
Spec 1.03 part 4 section 5.6.4.1
"When the CloseSession Service is called before the Session is successfully activated, the Server shall reject the request if the SecureChannel is not the same as the one associated with the CreateSession request."
(This seems to have been added in 1.03.) However, that should not affect this case, as we are on the same channel.

Also, it seems weird that the test also expects BadSessionNotActivated, because we should always be able to close a session (if on the same channel) regardless of whether it is activated or not. While the specification does not have exact wording on this, it would be odd if a session could not be closed (i.e. if the server returns BadSessionNotActivated, then it would keep the session resources until it times out, which does not make sense).

Tags: No tags attached.
Files Affected

Relationships

duplicate of 0002917 | closed | Alexander Allmendinger | 1.03 specification clarifications for CloseSession
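The CloseSession behaviour discussed in the description, as an added stand-alone model (not CTT code and not part of the original report). `ModelServer`, `isAccepted`, `runScenario` and the channel names are hypothetical, and the status code returned for the cross-channel rejection is an assumption, since the quoted specification text does not name one.

```javascript
// Added illustration, not CTT or vendor code; every name here is hypothetical.
const StatusCode = Object.freeze({
  Good: "Good",
  BadSessionIdInvalid: "BadSessionIdInvalid",
  BadSessionNotActivated: "BadSessionNotActivated",
});

class ModelServer {
  constructor() {
    this.sessions = new Map(); // sessionId -> { channelId, activated }
    this.nextId = 1;
  }
  // Server without the optional duplicate-nonce check: a normal session results.
  createSession(channelId) {
    const id = this.nextId++;
    this.sessions.set(id, { channelId, activated: false });
    return id;
  }
  closeSession(sessionId, channelId) {
    const s = this.sessions.get(sessionId);
    if (!s) return StatusCode.BadSessionIdInvalid;
    // Quoted 5.6.4.1 rule: before activation, reject a CloseSession arriving on
    // a SecureChannel other than the one associated with CreateSession.
    // Assumption: the rejection code; the quoted text does not name one.
    if (!s.activated && s.channelId !== channelId) {
      return StatusCode.BadSessionIdInvalid;
    }
    this.sessions.delete(sessionId); // release now, not at session timeout
    return StatusCode.Good;
  }
}

// True when the observed service result is one the test tolerates.
function isAccepted(result, acceptedCodes) {
  return acceptedCodes.includes(result);
}

function runScenario() {
  const server = new ModelServer();
  const session2 = server.createSession("channel-A"); // constructed channel ids
  const foreign = server.closeSession(session2, "channel-B");
  const stillOpen = server.sessions.has(session2);
  const own = server.closeSession(session2, "channel-A");
  const listed = [StatusCode.BadSessionNotActivated, StatusCode.BadSessionIdInvalid];
  return { foreign, stillOpen, own, remaining: server.sessions.size,
    passesAsWritten: isAccepted(own, listed),
    passesWithGood: isAccepted(own, [StatusCode.Good, ...listed]) };
}

console.log(runScenario());
```

In this model the same-channel close returns Good, so a check that lists only the two Bad codes fails a server that behaves as the report argues it should.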

Activities

BjarneBostrom

2016-11-14 10:38

reporter   ~0007315

Seems Security User X509 tests 002,004-009.js are also affected

Jouni Aro

2016-11-15 10:06

reporter   ~0007317

Should be handled already (but is not)

Paul Hunkar

2018-12-13 15:19

administrator   ~0009690

Reviewed on CMP Call 12/13/2018

Issue History

Date Modified Username Field Change
2016-11-09 08:17 BjarneBostrom New Issue
2016-11-14 10:38 BjarneBostrom Note Added: 0007315
2016-11-15 10:06 Jouni Aro Note Added: 0007317
2016-11-15 10:06 Jouni Aro Relationship added duplicate of 0002917
2016-11-15 10:06 Jouni Aro Status new => resolved
2016-11-15 10:06 Jouni Aro Resolution open => fixed
2016-11-15 10:06 Jouni Aro Assigned To => Jouni Aro
2018-12-13 15:19 Paul Hunkar Note Added: 0009690
2018-12-13 15:19 Paul Hunkar Status resolved => closed
2020-04-14 15:40 Randy Armstrong Relationship added related to 0005412
2020-04-14 15:41 Randy Armstrong Relationship deleted related to 0005412