![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 60%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
20,221 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi,
A couple of thoughts come to mind but it has been a while since I worked with Smart cards for login, so these may not be relevant.
First, I am going to make some assumptions. There is a certificate on the smart card. This is in an AD environment and you are using AD Certificate services for the PKI from which the smart card certificate was issued. The user is an AD User. That non-smart card logons are far quicker.
In this case when you are entering the PIN you are unlocking access to the private key for the smart card. The Smart card then does the crypto using that private key and sends the result back to windows. In your case this is over the RDP connection which can also add time.
- If you are using large keys then the crypto function on the smart card can take longer than you think to process. Depedending on smart card capabilities.
- your certficiate must be validate by windows. Trust checking and CRL/OCSP lookups can add to login times depedning on your environment.
Then windows logon takes over.
You can enable CAPI2 logging in event viewer to see if there are any issues there.
You can use wireshark or similar to check for delays with CRL/OCSP etc.
You can use a certificate with a shorter key length and see if that is any quicker.
Hope that helps