Smart Card authentication not an option when logging into server core console

Shaunm001 301 Reputation points
2021-02-09T16:50:52.27+00:00

Trying to use Smart Card authentication to log into our Windows Server 2016 Server Core machine. If I log into it using RDP, I'm able to use smart card authentication. However, if I log into it at the console, I'm only given the option to use a password (see below). I checked to make sure the "Smart Card" and "Certificate Propagation" services are running and USB drivers are working on the server. Are there any special tricks to enable this at the console?

66021-untitled.png

Windows Server

2 answers

  1. AliceYang-MSFT 2,081 Reputation points
    2021-02-10T08:26:07.757+00:00

    Hi,

    I'm unfamiliar with server core but can provide you with some information about smart card authentication.

    Smart card authentication requires ADCS to be installed, and a CA infrastructure should be available. Can you please check whether the server meets the requirements? These cmdlets might help:
    Get-WindowsFeature

    If you need information about deploying a CA infrastructure, please refer to these links,
    Smart Card Deployment Planning Considerations
    Configuration instructions

    If the information doesn't help solve the issue, please let me know.

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. AliceYang-MSFT 2,081 Reputation points
    2021-02-26T09:46:15.747+00:00

    Hi,

    Sorry that I didn't reply for a long time. I was trying to find a solution and now I have one that might work.

    Before we go to the solution, I'd like to know the meaning of "able to use smart card authentication using RDP". Do you mean that the smart card is connected to the physical server using a smart card reader and the smart card sign-in option is available on the RDP computer?

    If so, we can try setting smart card sign-in as a must for the server. Please see Additional smart card Group Policy settings and registry keys.

    The following smart card-related Group Policy settings are in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

    Interactive logon: Require smart card
    This security policy setting requires users to sign in to a computer by using a smart card.
    Enabled: Users can sign in to the computer only by using a smart card.

    To manage local group policy for Server Core, please see:
    Server Core 216 - How do I access/edit local group policy for Computer-Windows Settings-Security Settings
    Managing local group policy on Windows Server 2008 Core Edition

    After setting this policy to enabled, the server has to be signed in to with a smart card. If the smart card sign-in option is still missing, I'm sorry that I have no other solutions. If you'd like to, please contact Microsoft Support for Business or call Microsoft. A dedicated Support Professional can troubleshoot this issue with you.

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.


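A read-only check that can be run at the Server Core console before enabling the "Interactive logon: Require smart card" policy discussed in the second answer. This is an added example, not part of either answer. It assumes the service short names `SCardSvr` and `CertPropSvc`, the PnP device class `SmartCardReader`, and the registry value `scforceoption` as the setting behind that policy; none of these names appear in the thread.

```powershell
# Added example: report smart card logon prerequisites on this server (read-only).
# Assumed names, not taken from the thread: SCardSvr, CertPropSvc,
# PnP class SmartCardReader, registry value scforceoption.

function Get-SmartCardLogonReadiness {
    [CmdletBinding()]
    param()

    # The "Smart Card" and "Certificate Propagation" services named in the question.
    $services = @(Get-Service -Name 'SCardSvr', 'CertPropSvc' -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType)
    $notRunning = @($services | Where-Object Status -ne 'Running')

    # Readers enumerated as local PnP devices on this server with a working driver.
    $readers = @(Get-PnpDevice -Class 'SmartCardReader' -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object Status -eq 'OK')

    # Registry value behind "Interactive logon: Require smart card" (1 = Enabled).
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $force = (Get-ItemProperty -Path $policyKey -Name 'scforceoption' `
        -ErrorAction SilentlyContinue).scforceoption

    [pscustomobject]@{
        Services           = $services
        AllServicesRunning = ($services.Count -eq 2) -and ($notRunning.Count -eq 0)
        LocalReaders       = $readers.FriendlyName
        LocalReaderPresent = $readers.Count -gt 0
        RequireSmartCard   = [bool]$force
    }
}

$state = Get-SmartCardLogonReadiness
$state | Format-List

# Enforcing the policy while the console cannot offer a smart card tile
# leaves no password fallback at the console, so flag that case first.
if (-not $state.RequireSmartCard -and
    -not ($state.AllServicesRunning -and $state.LocalReaderPresent)) {
    Write-Warning 'Console prerequisites are incomplete; enabling "Require smart card" now could block console sign-in.'
}
```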