3,085 questions
Never mind. I got it. It was a driver issue. Logon is working properly now in Windows 11.
Windows 11 and smartcard logon
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 80%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKC%3C/text%3E%3C/svg%3E)
Kevin Cornett
31
Reputation points
I'm currently testing smartcard logon for my employer. I have a GPO set up and it is applied to my computer only. My computer is running Windows 10 version 10.0.19044.2132. I can log in to my computer with my PIV card with no issues.
I have a new computer with Windows 11 that I was going to replace my computer with, and I wanted to attempt to log in to this new computer with my PIV card. I am unable to do so. When I attempt to log in, I get "no valid certificates were found on the smart card." So, I log in with username/password. In Windows, if I insert the smart card and run certutil -scinfo, I get the following: "Cannot open the key for the reader..." I also get "Cannot open the AT_KEYEXCHANGE key for reader:
The card reader drivers are correctly installed and windows sees the correct reader. It seems to me that Windows is automatically selecting the incorrect certificate, or is not able to even see the certificate, on the card. In my Windows 10 machine, when I am attempting to log in to windows, I have two certificate selections. One of those will not allow me to log in to Windows. The other will. On my Windows 11 machine, I am presented with only one certificate choice. It will not allow me to log in to windows.
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
3 answers
Sort by: Most helpful
-
Kevin Cornett 31 Reputation points
2022-11-07T19:09:51.03+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 17%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Michael Dula 0 Reputation points2023-01-31T16:29:03.0466667+00:00 I meant to post as a comment, whoops. So what do you mean it was a driver issue? You said the driver was installed. I'm having a similar issue with yubikeys and windows 11. Smartcard login works fine on Windows 10, but not at all on Windows 11. We've even successfully gone through the enrollment process on Windows 11 and it still won't work for logins, take that same key that was enrolled using Windows 11 and it works fine on Windows 10 to login.
Sign in to comment -
-
Michael Dula 0 Reputation points
2023-01-31T16:26:12.3633333+00:00 What do you mean by it was a driver issue if the driver was installed? What did you do to resolve the issue? I'm currently experiencing a similar issue with Yubikeys and Windows 11. On a windows 11 computer we can even go through the certificate enrollment process without issue but as soon as we try to use it to login it doesn't work. If we then take that same key that won't work on windows 11 and go login at a windows 10 pc it works perfectly.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 0%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Daniel Schneider 0 Reputation points2023-05-10T11:56:42.7566667+00:00 Same Issue here.
Excact same GPOs for Windows 11 as for Windows 10.
In Windows 10 everything works perfectly but Windows 11 won't log me in.
On the logon Screen I choose to login with Smartcard enter my PIN and then I got the error that Windows can't log me in with my card.
On Windows 11 "certutil -scinfo" works perfectly. Asks for my PIN, shows all my Certificates ...Any Ideas?
Thanks