Failed to open Windows session with CPS smartcard starting with Windows 11 23H2

Question

Hello,

We are the maintainer of french CPS healthcare smartcard

which driver consists of a legacy CSP (Cryptographic Service Provider).

And after conducting some tests on the Windows 11 release (23H2)

we have the behavior that smartcard logon no longer works.

Enabling audit logging, we note that the legacy CSP is not called by LSA service

to perform the main logon logic.

Is there any setting available to restore the CSP legacy compatibility ?

This broken use case will affect thousand of healthcare personals in their daily work.

Any clues to direct us are welcomed !

Thanks in advance :)

Answer 1

Hello Perret Bertrand,

Thank you for posting in Q&A forum.

The issue could be related to changes in security settings or updates in the operating system. Here are some steps you can take to troubleshoot:

1. Verify LSA Protection Settings

Open Windows Security. Go to Device Security > Core isolation details. Ensure that Memory integrity is turned on.

2. Check Event Viewer for Errors

Please share the details of your error in Event viewer, in English if could.

3. Review Group Policy Settings

Check if any Group Policy settings are affecting LSA: Press Windows + R, type gpedit.msc, and press Enter. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. Review settings related to LSA and make necessary adjustments.

4.Check for Credential Guard Issues

Credential Guard can sometimes interfere with LSA: Open Windows Security. Go to Device Security > Core isolation details. Ensure that Credential Guard is configured correctly or temporarily disable it to see if it resolves the issue.

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.