Smart Card Problems


Matt

Hi,
I am trying to get smart cards to work with my AD to log a user in.

If the user logs in the standard way everything works fine.
However, if the user tries to use the smart card... it doesn't.


It IS reading the smartcard as it knows if the pin is correct or not.

However, once you have entered the correct pin it says:


The system can not log you on due to the following error:
The revocation function was unable to check revocation for the certificate.

Please try again or consult your system administrator.



What does this mean? Where should I start looking? I don't really
see anything meaningful in the event logs on either the client machine
or on the domain controllers.
 
Hello Matt,

As I understand it, the problem you are experiencing is that your users cannot
log on using a smart card and receive the following error:
The revocation function was unable to check revocation for the certificate.

I have included a knowledge base article for you that will outline using
and configuring Smartcard.

257480 Certificate enrollment using smart cards
http://support.microsoft.com/?id=257480

308128 CERT WP: Troubleshooting PKI Part N: Smart Card Authentication
http://support.microsoft.com/?id=308128

Regards,
Sam Rakaba


Get Secure! - www.microsoft.com/security

============================================================================


When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

============================================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
 
The second knowledge base article is not currently available! However,
the problem is not setting them up. We have set it up per those
instructions. The issue is simply with the error message that is
coming up on the screen when someone tries to log on using the smart card.
 
Hello Matt.

Please clarify some configuration for me.
Are the smart cards installed on Windows 2000 Pro / Windows XP?

Please run Netdiag/DCdiag and verify that Kerberos passes the test.
Publish the CRL to more than just the AD.
a. Launch the certification authority.
b. Right-click the root authority and choose Properties.
c. Select the Policy Module tab and click the Configure button.
d. From the Properties box, select the X509 Extensions tab.
e. Check the 2nd and/or third box in the upper window.
f. Apply.
g. Restart the certificate services.
h. Re-issue the root certificate.

Try another Client if possible.


--------------------
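The check below is an added example and not part of any post in this thread. It lists the CRL distribution points stamped into each certificate of the logon chain and shows which element fails revocation checking, which is where the error above originates. It assumes the smart card certificate has been exported (public part only) to a .cer file; the path is hypothetical.

```powershell
# Added example, not from the thread. $CertPath is a hypothetical location of the
# smart card logon certificate exported without its private key.
$CertPath = 'C:\temp\smartcard-user.cer'
$ns = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$ns.X509Certificate2" -ArgumentList $CertPath

function Get-CdpUrl {
    param($Certificate)
    # 2.5.29.31 is the OID of the CRL Distribution Points extension.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    # Format() renders the extension as text that contains "URL=..." entries.
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

# Build the chain with online revocation checking for every certificate
# except the self-signed root.
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode = [Enum]::Parse([type]"$ns.X509RevocationMode", 'Online')
$chain.ChainPolicy.RevocationFlag = [Enum]::Parse([type]"$ns.X509RevocationFlag", 'ExcludeRoot')
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
$ok = $chain.Build($cert)

foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    "Subject : $($c.Subject)"
    $urls = @(Get-CdpUrl -Certificate $c)
    if ($urls.Count -eq 0) { '  CDP    : (none in certificate)' }
    foreach ($u in $urls) {
        # The scheme shows whether the CRL is published only to AD (ldap)
        # or also to a location such as http or file.
        "  CDP    : [$(($u -split ':')[0])] $u"
    }
    foreach ($s in $element.ChainElementStatus) {
        # RevocationStatusUnknown or OfflineRevocation here means no CRL
        # could be retrieved from any listed distribution point.
        '  Status : ' + ("{0} - {1}" -f $s.Status, $s.StatusInformation).Trim()
    }
}
"Chain valid with revocation checking: $ok"
```

Run it on the client and on a domain controller, since both need to reach a distribution point. `certutil -verify -urlfetch <file>` gives a more detailed per-URL retrieval report for the same certificate.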
 