Hi Moe,
Could you try this:
- Verify Smart Card Configuration:
  - Ensure that the smart card reader is properly connected to the server and functioning correctly.
  - Check if the YubiKey is recognized by the system. You can do this by checking the Device Manager for any issues or errors related to the smart card reader or YubiKey.
- Certificate Configuration:
  - Make sure the certificate used for smart card logon is correctly installed on the server.
  - Verify that the certificate template used to issue the certificate allows for smart card logon and has the appropriate settings (e.g., key usage, enhanced key usage).
  - Check if the certificate is issued by a trusted certification authority (CA) that is recognized outside the domain. If not, ensure that the CA's root or intermediate certificate is installed on the external systems where the certificate chain check fails.
- Network Connectivity and DNS:
  - Confirm that the server has network connectivity to the external systems where the certificate chain check fails.
  - Ensure that DNS is configured correctly, both internally and externally, so that the server can resolve the domain and CA names.
- Certificate Revocation Checking:
  - In some cases, certificate revocation checking can cause issues with smart card logon. Try disabling certificate revocation checking temporarily to see if it resolves the problem. This can be done via Group Policy or by modifying the registry.
- Verify User Account and Mapping:
  - Double-check that the user account being used for smart card logon exists and is correctly mapped to the certificate in Active Directory.
  - Ensure that the user account has the necessary permissions to log on using smart card authentication.
- Check Event Viewer:
  - Review the Event Viewer logs on the server for any related error messages or warnings that might provide more insight into the issue.
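The checklist in the reply above can be run as one script. The following is an added example, not code from the original post: it is meant to be run on the Windows machine where the YubiKey is inserted, as the user who is trying to log on. It reads the reader state and the two smart card services, finds the certificates the card propagated into CurrentUser\My, checks the EKU/key usage and SAN UPN on each, builds the chain twice (with and without revocation checking, so a CRL/OCSP reachability problem can be told apart from a trust problem), looks up the UPN in AD when the RSAT module is present, and pulls recent error/warning events. The two EKU OIDs are Microsoft's standard Smart Card Logon and id-kp-clientAuth OIDs; the event keyword filter is a heuristic and an assumption of this example.

```powershell
# Added example (not from the original post): scripted smart card logon pre-flight.
# Run as the logging-on user with the YubiKey inserted. Assumes the standard
# Microsoft EKU OIDs below; the event-log keyword filter is a heuristic.

$SmartCardLogonEku = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon (Microsoft)
$ClientAuthEku     = '1.3.6.1.5.5.7.3.2'        # id-kp-clientAuth

function Get-EkuOids([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # EKU OIDs on the certificate, or an empty array if the extension is absent
    $ext = $Cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($ext) { @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { @() }
}

function Test-DigitalSignatureKu([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Logon needs the key to sign the PKINIT request: Digital Signature key usage
    $ku = $Cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if ($ku) { ($ku.KeyUsages -band [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature) -ne 0 } else { $false }
}

function Get-SanUpn([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Implicit mapping uses the UPN in the Subject Alternative Name (OID 2.5.29.17)
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san -and ($san.Format($true) -match 'Principal Name=(\S+)')) { $Matches[1] } else { $null }
}

function Test-SmartCardChain([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
                             [switch]$SkipRevocation) {
    # Build the chain the way a logon would: Smart Card Logon application policy, whole chain checked
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.RevocationMode = if ($SkipRevocation) {
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    } else {
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    }
    $chain.ChainPolicy.ApplicationPolicy.Add([System.Security.Cryptography.Oid]::new($SmartCardLogonEku)) | Out-Null
    $ok   = $chain.Build($Cert)
    $root = if ($chain.ChainElements.Count -gt 0) { $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject } else { '' }
    [pscustomobject]@{
        Ok     = $ok
        Root   = $root
        Errors = ($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
    }
}

function Invoke-SmartCardLogonPreflight {
    Write-Host '== Reader (Device Manager class SmartCardReader) and services =='
    Get-PnpDevice -Class SmartCardReader -ErrorAction SilentlyContinue |
        Select-Object FriendlyName, Status | Format-Table -AutoSize
    Get-Service SCardSvr, CertPropSvc | Select-Object Name, Status | Format-Table -AutoSize

    Write-Host '== Certificates with a private key in CurrentUser\My (propagated from the card) =='
    $certs = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey }
    foreach ($c in $certs) {
        $ekus    = Get-EkuOids $c
        $upn     = Get-SanUpn $c
        $online  = Test-SmartCardChain $c
        $offline = Test-SmartCardChain $c -SkipRevocation
        [pscustomobject]@{
            Subject             = $c.Subject
            Thumbprint          = $c.Thumbprint
            SmartCardLogonEku   = $ekus -contains $SmartCardLogonEku
            ClientAuthEku       = $ekus -contains $ClientAuthEku
            DigitalSignatureKu  = Test-DigitalSignatureKu $c
            SanUpn              = $upn
            Expired             = $c.NotAfter -lt (Get-Date)
            ChainOk             = $online.Ok
            ChainOkNoRevocation = $offline.Ok   # true here but ChainOk false => CRL/OCSP fetch problem, not trust
            Root                = $online.Root
            ChainErrors         = $online.Errors
        } | Format-List
        if ($upn -and (Get-Module -ListAvailable ActiveDirectory)) {
            # Mapping check: the SAN UPN must match an account, or altSecurityIdentities must map the cert
            Get-ADUser -Filter "userPrincipalName -eq '$upn'" -Properties altSecurityIdentities |
                Select-Object SamAccountName, UserPrincipalName, altSecurityIdentities | Format-List
        }
    }

    Write-Host '== Errors/warnings in the last 24 h mentioning smart card, Kerberos or certificates =='
    Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Application'; Level = 2, 3; StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'smart ?card|Kerberos|KDC|certificate' } |
        Select-Object TimeCreated, LogName, ProviderName, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize -Wrap
}

Invoke-SmartCardLogonPreflight
```

If ChainOk is false but ChainOkNoRevocation is true, the chain itself is trusted and the failure is in fetching the CRL or OCSP response; checking that the CDP/AIA URLs in the certificate resolve and are reachable from the machine is more targeted than turning revocation checking off machine-wide. A chain that only builds with an unknown root points at the missing root/intermediate from the checklist. The issuing CA must also be in the forest's NTAuth store for the KDC to accept the certificate (`certutil -viewstore -enterprise NTAuth` lists it); on the domain controller side, the System log entries from the Microsoft-Windows-Kerberos-Key-Distribution-Center provider are the ones to read.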