Smart Card VS CLM


  • Hi TechNet folks,

    We've an odd situation to resolve and it's becoming more and more embarrassing:

    • Base Info:

    Smart Card: .NET V2+ Card
    Middleware: Gemalto V5
    Smart Card Management: CLM 2007
    Internal Reader: Microsoft Usbccid Smart Card Reader
    External Reader: SCM SCR3310
    Drivers are up to date.

    • Issue Description:

    The internal readers on workstations do not work for him, he has to use an external reader to logon with his Smart Card.
    Gemalto is able to read the card while it's inserted in both readers, but the card does not work to logon and CLM is not able to read it when it's inserted into the internal reader.
    If we retire his card or give him a blank card and try to personalize it in the internal reader, we get the following error: "A communication error with the Smart Card has been detected."
    The issue happens to this user only, on every workstation, and no one else using the same machines. He already got three replacement cards and even a different computer.
    If we personalize the Smart Card using the external reader, to read it in CLM is the same thing, to unlock the workstation it either says the certificate is invalid or that it had a communication error. However, CLM Smart Card Logon certificate seems to be correctly applied to the personal store when the card is personalized.

    I'm almost deleting this guy's ID and recreating it from scratch but this is far from being the appropriate solution.

    Any help or idea would be greatly appreciated.

    Friday, June 8, 2012 19:15

All Replies

  • Hi,

    Please refer to the following article to troubleshoot this issue:

    Authentication Return Values

    In addition, please visit the .NET forum support to get a better answer:

    Hope this helps!

    Best Regards
    Elytis Cheng

    TechNet Community Support

    Monday, June 11, 2012 07:27
  • Hi there,

    Unfortunately the reference page does not help. I've posted the same question in the forums, here's the thread.

    Today we did a battery of tests:

    1. Removed the user from Smart Card use;
    2. Got a blank card (we lost count of how many cards he already tried);
    3. Tried to check the card information in Gemalto using the Internal and External reader, it says the card is not personalized;
    4. While using the Internal reader, tried to pull any card details in CLM, error is: "A communications error with the smart card has been detected. Retry the operation."
    5. Tried to personalize the card using the Internal Reader, same error.
    6. Changed to external reader, CLM pulls the card information.
    7. Personalized the card with the external reader and kept user in Dual Mode so he would be able to logon either with username\password or Smart Card and PIN.
    8. Gemalto still shows "card not personalized" on both readers;
    9. User can logon with external reader, CLM correctly shows the card and certificate information.
    10. Double checked Certificates on Certificate Manager stores and Gemalto, all set and matching.
    11. Changed to internal reader, CLM shows the same error as when the card was not personalized "A communications error with the smart card has been detected. Retry the operation."
    12. If the client tries to logon using the internal reader, he is not even prompted to insert a PIN code, error is: "No valid certificates found. Check that the card is inserted correctly and fits tightly."

    • Edited by WKStumpf Friday, June 15, 2012 17:00 tabulation fix
    Friday, June 15, 2012 16:59
  • This sounds like a case where the drivers for your internal reader are not correct.

    That, or your internal reader is defective.

    - If you can do all actions with one of your readers and not the other, you have identified a problem with the failing reader. It has nothing to do with the operating system or CLM.


    Friday, June 15, 2012 20:28
  • I hoped that was the case but, as stated in the opening message, everyone else may use the internal reader on his machine and the user may not use an internal reader on any other machine. This already passed through 3 levels of support and is currently stuck.

    • Edited by WKStumpf Monday, June 25, 2012 20:08
    Monday, June 25, 2012 20:07
  • New ID;

    New machine;

    New card;

    Issue resolved.

    Although the setup is exactly the same, system load and drivers the same, it works now.

    Thank you!

    Thursday, July 26, 2012 20:35