Windows Security Not Recognizing Inserted CAC

Question

Up until yesterday, my Adesso CAC reader was working without issue and Windows was letting me sign-in to CAC enabled websites from home without issue. However, trying to access email yesterday, I selected my proper security certificate from my CAC but then I get another pop-up from Windows Security saying directing me to "Connect a Smart Card". After this happens, I am locked out of any CAC enabled sites and don't even receive any further prompts or pop-ups when reloading the page.

To reiterate, when initially trying to sign-in, I am prompted to select a security cert so the card is initially recognized. Windows Security then pops up, after selecting my cert, and is telling me to insert a smart card.

***moved from Windows / Windows 11 / Devices and drivers***

Answer 1

Log on as the local administrator. Go to Start, Run, type in: services.msc, Verify that both ActivClient middleware and SmartCard services are stopped. (Windows 8 users hover your mouse in the lower right corner of your screen to get the Charms bar to show up. Click Search, type in "regedit.exe" then click it with your mouse.)

From the Search programs and files (Windows 8 and newer): type: Regedit

Navigate to "HKLM\Software\Microsoft\Cryptography" Right click on the Calais folder then choose "Permissions".

Verify "LOCAL SERVICE" exists, if it doesn't, click "ADD"

In the large white box type "LOCAL SERVICE" IF your computer is part of a domain, you will need to add your computer name\ before "LOCAL SERVICE"

Click Check Names, then OK.

Select Local Service -> Click Advanced (button) -> in the Permissions (tab) select LOCAL SERVICE -> and click Edit. (Windows 8.1 & 11 users will need to click "Show advanced permissions" to see these).

Mark the following with Allow:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Delete

Read Control

Click OK

Close all open windows

Open Services.msc again, Start smart Card Service, Start ActivClient middleware Service.

CAC Reader "should" now be showing in ActivClient.

Answer 2

I had a similar problem with the Windows 11 update on 20 Oct 2024. The device manager says the CAC readers are installed and up to date and recognizes them. However, my CAC card and certificates will not read. The green light on the SCR3310v2 does not light up with the card is in it. I've installed brand new drivers and tried just about everything. I also deactivated memory integrity and vulnerable driver blocklist, but I see no change. I know the CAC readers are working because I bought two brand new ones and tested on another computer. Both the SCR3310v2 and the SCR3500 are new and work, but will not read on my computer. I think it is something in the Windows 11 update that is causing this issue. Please help.

Answer 3

Hello,

For your problem, we recommend you try the following steps:

1. Make sure your CAC reader is properly plugged into your computer and the drivers are installed correctly. You can try reseating the CAC reader or check the status of the CAC reader in Device Manager.
2. Make sure your certificate is installed correctly and has not expired. You can check the status of the certificate in Certificate Manager.
3. Try using your CAC reader and certificate on another computer to determine if the problem is related to your computer.
4. If the problem persists, try running Windows System File Checker (SFC) and the DISM tool to repair any possible system file corruption.

Run SFC: Open the command prompt with administrator rights, enter sfc /scannow and press Enter. The system will automatically scan and repair system files. After the scan is complete, restart your computer to see if the problem is resolved.

Run DISM: If SFC fails to resolve the issue, then run the following command in the command prompt for a deep system repair: DISM /Online /Cleanup-Image /RestoreHealth This will check and repair the integrity of the Windows image. After the operation is completed, restart the computer again and observe whether the CAC reader returns to normal.

Best Regards,

Yanhong Liu

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 4

I tried the suggested fix and it did not work.

Windows is telling me that it does not have enough information to verify the certificates. So it is recognizing that I have the proper certs but Windows Security does not identify my CAC as being inserted still even though my browsers do.

I have installed the most recent Windows update.

This is a frustrating issue as I went months without this being an issue to all of a sudden being locked out of using my CAC overnight.

Answer 5

I suggest you do the following:

1. Remove your CAC from the reader.
2. Visit the Internet options located in the control panel.
3. Click the content tab.

4.. Click Clear SSL state.

5. Click certificates.
6. As a backup measure export all the certs found under Personal.
7. Remove all the certs found under Personal and close the window.
8. Place your CAC back in the reader.
9. Go back and check the Personal certificates area and they should be back.
10. Launch your web browser and try to visit sites requiring a CAC.