none
Windows 7 using Smart Card Logon Certificate RRS feed

  • Question

  • Hi,

    I am new to Certificates etc but I have managed to setup my DC in a test lab as a CA and been able to enrol a smart card with a Smart Card Logon Certificate.

    The problem I face is that I am running all my machines in a virtual environment DC, Client etc.  If I choose NAT which does not let me talk to the DC from teh client I am able to login with the SC and cert no problem but if I change the network typw to bridged so taht I can then ping my DC etc when I try to login I get an error at the CP level which is:

    'The system could not log you on. You cannot use a smnart card to log on because smart card logon is not supported for your user account. Contact your system administartor to ensure that smart card logon is configured for you oranization.'

    Can anyone shed any light on this and when I am not connected to the DC why does it work? is it using a local cache?

    Thanks,

    Matt

     

    Thursday, January 13, 2011 11:44 AM

Answers

  • Hi,

    Please verify that the rootCA certificate has been imported into the Trusted Root Certification Authorities store on all DCs.

     


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, January 20, 2011 4:40 AM
    Moderator

All replies

  • Just to add to this the OS is Windows 7 Pro, I am running the DC and CA on Win 2008 Enterprise Version 6.0 sp1. My smart card is a Gemalto .NET IM v2+ and I have the Gemsafe Middleware (even tho I probably do not need this as the card is a .NET and supported in Win7).

    Thanks 

    Thursday, January 13, 2011 11:51 AM
  • Hi,

    Please verify that the rootCA certificate has been imported into the Trusted Root Certification Authorities store on all DCs.

     


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, January 20, 2011 4:40 AM
    Moderator