T
Tim
Hi,
I have smart card logon configured in Windows XP and 2003. Previously with
Windows 2000 Server it worked fine. I had not been using it as the cards had
become intermittent, but wish to test it again under XP (with new cards)and
with IIS SSL for Web Development and again, smart card logon ...
The following appears in the event log when I attempt to logon:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 9
Date: 6/07/2004
Time: 4:09:40 p.m.
User: N/A
Computer: <My Desktop Computer>
Description:
The client has failed to validate the Domain Controller certificate for <My
Domain>. The error data contains the information returned from the
certificate validation process. Contact your system administrator to
determine why the Domain Controller certificate is invalid.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 13 20 09 80 . .€
or
0000: 80092013
____
On the Server, events such as these appear, but not to any strict time
relationship:
Event Type: Warning
Event Source: KDC
Event Category: None
Event ID: 20
Date: 6/07/2004
Time: 3:43:58 p.m.
User: N/A
Computer: <My Server>
Description:
The currently selected KDC certificate was once valid, but now is invalid
and no suitable replacement was found. Smartcard logon may not function
correctly if this problem is not remedied. Have the system administrator
check on the state of the domain's public key infrastructure. The chain
status is in the error data.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000014 80092013 00000000 00000000
____
The CA was configured with a 'fake' issuer certificate for the purposes of
testing Secure Web with SSL and appraisal of Smart Card logon. IE the issuer
certificate has at its root <My Domain>.
How do I go about overcoming the above issue? Previously I believe the
solution was to install a copy of the root CA certificate on the desktop
machine concerned... It is still there.
Thanks,
- Tim
I have smart card logon configured in Windows XP and 2003. Previously with
Windows 2000 Server it worked fine. I had not been using it as the cards had
become intermittent, but wish to test it again under XP (with new cards)and
with IIS SSL for Web Development and again, smart card logon ...
The following appears in the event log when I attempt to logon:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 9
Date: 6/07/2004
Time: 4:09:40 p.m.
User: N/A
Computer: <My Desktop Computer>
Description:
The client has failed to validate the Domain Controller certificate for <My
Domain>. The error data contains the information returned from the
certificate validation process. Contact your system administrator to
determine why the Domain Controller certificate is invalid.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 13 20 09 80 . .€
or
0000: 80092013
____
On the Server, events such as these appear, but not to any strict time
relationship:
Event Type: Warning
Event Source: KDC
Event Category: None
Event ID: 20
Date: 6/07/2004
Time: 3:43:58 p.m.
User: N/A
Computer: <My Server>
Description:
The currently selected KDC certificate was once valid, but now is invalid
and no suitable replacement was found. Smartcard logon may not function
correctly if this problem is not remedied. Have the system administrator
check on the state of the domain's public key infrastructure. The chain
status is in the error data.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000014 80092013 00000000 00000000
____
The CA was configured with a 'fake' issuer certificate for the purposes of
testing Secure Web with SSL and appraisal of Smart Card logon. IE the issuer
certificate has at its root <My Domain>.
How do I go about overcoming the above issue? Previously I believe the
solution was to install a copy of the root CA certificate on the desktop
machine concerned... It is still there.
Thanks,
- Tim