Share via

Smart Card Login issues

Studmuffin 1134 1 Reputation point
2021-02-04T04:10:11.2+00:00

I am having an issue where i get the smart card enrolled and everything when i go to login it says that smart card login is not enabled for my account i have the domain authentication certificate installed on the client PC that i want the login to take place i checked the time settings everything i could think of but i cant figure out what is keeping it both the domain authentication template and the smart card cert template both have smart card logon

Windows for business | Windows Server | Devices and deployment | Set up, install, or upgrade
0 comments

9 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-02-04T06:25:09.837+00:00

    Hello @Studmuffin 1134 ,

    Thank you for posting here.

    First
    Do you request certificate on DC? If no, we can request certificate on DCs using Kerberos Authentication certificate template
    or Domain Controller Authentication certificate template.

    1.Type certlm.msc on Search Bar and click Enter.
    2.Expand Certificates (Local Computer), right-click Personal, click All Tasks, and then click Request New Certificate.
    In the Request Certificates page select Domain Controller Authentication
    3.Check if that works for you!

    Second
    Check if the CA root certificate are install on both DCs and PCs (Trusted Root Certification Authority).
    1.Type certlm.msc on Search Bar and click Enter.
    2.Expand Certificates (Local Computer), click Trusted Root Certification Authority\Certificates.

    63871-cer.png

    Here is a similar case we can refer.
    Smartcard Logon not enabled
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/ee52cb8f-c3cd-437f-9fc8-6884dd335394/smartcard-logon-not-enabled?forum=winserversecurity

    If is does not work above, please confirm information below:

    1.How many accounts have such issue?
    2.How many machines have such issue?

    Thank you for your understanding.

    Best Regards,
    Daisy Zhou

    0 comments
  2. Studmuffin 1134 1 Reputation point
    2021-02-04T06:33:42.967+00:00

    i was doing self enroll becuase that was the instructions on the piv key website said to do i am very new to certificate managemnt so i really dotn know what your talking about i know that i never requested the cert on the dc i requestied it from the client pc
    i have the domain controller cert on the client pc and my two domain controllers i have the domain authentication cert on the client pc do i need it installed on the dcs?

    0 comments
  3. Studmuffin 1134 1 Reputation point
    2021-02-04T06:34:28.477+00:00

    i have one test machine and one test account and they dont work not the account or the machine

    0 comments
  4. Anonymous
    2021-02-04T07:43:06.907+00:00

    Hello @Studmuffin 1134 ,

    Thank you for your update.

    Do you have your internal CA server or you are using third-part CA server?

    You can refer to the following link.
    Guidelines for enabling smart card logon with third-party certification authorities
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/enabling-smart-card-logon-third-party-certification-authorities

    Best Regards,
    Daisy Zhou

    0 comments
  5. Studmuffin 1134 1 Reputation point
    2021-02-04T08:01:22.833+00:00

    I have two domain controllers one of them is the certifiate authority

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.