Thursday, October 11, 2012 8:24 AM
I would like to enquire about the procedure for setting up a Windows 7 PC for smart card logon. I have been having problems trying to activate smart card logon on a Windows 7 PC and was always prompted with the error message “The system could not log you on. The domain specified is not available. Please try again later.” I have joined the client PC to the domain but to no avail.
What I want is for the client computer to prompt me for the PIN of my token instead of the typical username and password when I plug in my token during Windows logon.
Do I need to enrol the hostname of the client computer with the CA, and if so, how do I go about doing so? For your info, the CA at my server is a local one. Do I need to do anything at the client machine, for instance importing the signed certificate that I have registered with the CA? By the way, I have installed the software for my token on my client PC. While searching for a solution to my problem online, I chanced upon materials elaborating on autoenrolment. I understand that you could do something on the AD that could allow machines to autoenrol with the AD. Can someone enlighten me about this autoenrolment thing?
I am currently using VASCO key 860 for my token and Windows Server 2008 Enterprise.
I am sorry that I sounded long-winded here, as I am rather new to this PKI concept. It would be good if some kind soul could provide me with step-by-step instructions on my issue. Thank you very much for your assistance on this matter.
- Moved by Santosh Bhandarkar (Microsoft Community Contributor, Moderator), Thursday, October 11, 2012 9:07 AM: CA related query (From: General)
Thursday, October 11, 2012 9:22 AM
To enable smart card logon on any Windows client, you need the following:
- Membership in AD
- A CA trusted in the NTAuth store with properly configured revocation checking
- All DCs must have a "Domain Controller Authentication" certificate from the CA above
- Users must have a smart card logon certificate from the CA above
All users can perform smart card logon if the above is true and you do not need any other settings or changes as smart card logon is supported by default.
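One way to check the prerequisites listed in the answer above from the domain-joined client, as an added example that is not part of the original thread. `$CertPath` is a hypothetical path to the user's logon certificate exported as a `.cer` file; the registry key is where Windows clients cache the enterprise NTAuth store.

```powershell
# Added example (not from the thread). Run in PowerShell on the domain-joined client.
# $CertPath is a hypothetical location for the user's exported logon certificate.
param([string]$CertPath = 'C:\temp\user-logon.cer')

# Prerequisite 1: membership in AD.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw 'Client is not joined to a domain.' }
"Domain: $($cs.Domain)"

# Prerequisite 2 (revocation): build the chain with online revocation
# checking over the whole chain and report every status the build returns.
$x509  = 'System.Security.Cryptography.X509Certificates'
$cert  = New-Object "$x509.X509Certificate2" $CertPath
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$built = $chain.Build($cert)
"Chain builds with revocation checking: $built"
foreach ($s in $chain.ChainStatus) {
    "  {0}: {1}" -f $s.Status, $s.StatusInformation.Trim()
}

# Prerequisite 2 (NTAuth): the issuing CA must be in the NTAuth store.
# Key names under this registry path are the thumbprints of the NTAuth CAs.
$ntAuthKey = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
$ntAuth = @(Get-ChildItem $ntAuthKey -ErrorAction SilentlyContinue |
            ForEach-Object { $_.PSChildName })
if ($chain.ChainElements.Count -ge 2) {
    $issuer = $chain.ChainElements[1].Certificate   # element 0 is the user cert
    "Issuing CA: $($issuer.Subject)"
    "Issuing CA present in NTAuth: $($ntAuth -contains $issuer.Thumbprint)"
} else {
    'Issuing CA certificate could not be found, so NTAuth cannot be checked.'
}

# Prerequisite 4: report whether the user certificate carries the
# Smart Card Logon EKU (OID 1.3.6.1.4.1.311.20.2.2).
$eku  = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
"Smart Card Logon EKU present: $($oids -contains '1.3.6.1.4.1.311.20.2.2')"

# Prerequisite 3 cannot be checked from the client. On each DC, list the
# machine certificates and look for one issued by the same CA:
#   certutil -store My
```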
Friday, October 12, 2012 8:32 AM
Thank you very much for the suggestions.
By the way, I was trying to request a certificate from the client machine using the MMC but could not see the computer template. Do I need to connect the LAN cable in order to see the template? After I have requested the certificate from the MMC, do I need to export the certificate to the CA to be signed? And after the CA has signed the certificate, do I need to export it again to be imported into the client machine?
Thanks for the support.