HELP....smart card certificate was not trusted - logon denied !

  • Thread starter Thread starter barabba72
  • Start date Start date
B

barabba72

Hi all,

I have a particular user who cannot logon using his smart card. He was
able to use it until yesterday.
The terminal server says that "the smart card certificate used for
authentication was not trusted".

Other users have no problems in logging on to the domain using smart
cards.

I checked the user's published certificate and it's ok, still valid.
the CRL distribution point is also fine and still valid. I already
checked Microsoft Knowledge Base 281245.

Windows 2000 domain - PKI,
Windows 2003 Terminal Server
Windows XPE Thin Clients in workgroup
ActivCard Gold 2.3.1

Anyone has an idea ?
Thank you very much for your help.
 
Hi,

Can you run PKI Health tool (it is in Windows Server 2003 Resource Kit
Tools) on this computer? It might give you an idea what could be wrong
(maybe it can't reach CRL or CRL is out of date etc...).

Can this user logon to any other PC in domain?
 
Hi all,

I have a particular user who cannot logon using his smart card. He was
able to use it until yesterday.
The terminal server says that "the smart card certificate used for
authentication was not trusted".

Other users have no problems in logging on to the domain using smart
cards.

I checked the user's published certificate and it's ok, still valid.
the CRL distribution point is also fine and still valid. I already
checked Microsoft Knowledge Base 281245.

Windows 2000 domain - PKI,
Windows 2003 Terminal Server
Windows XPE Thin Clients in workgroup
ActivCard Gold 2.3.1

Anyone has an idea ?
Thank you very much for your help.
Click to expand...
Do the following command from both the client computer and the terminal
services computer. The command requires that you export the smart card
certificate as a DER or BASE64 file.

certutil -verify -urlfetch <certfile>

The output should provide information as to why the certificate is not
trusted.

Brian
 
Thank you both for your helping me. I really appreciate it.
Tomorrow I will check what you suggest and will post any results.

Regards.
 
Back
Top