Hello,
Thank you for posting in our TechNet forum.
According to the note message:
Note If you use the credential SSP on computers running the supported versions of the operating system that are designated in the Applies To list at the beginning of this topic: To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel cannot be established without the root certification of the domain controller.
According to my understanding, the root certification of the domain controller is the root certificate of the domain controller, we can export it as below:
- Logon the DC with domain administrator.
- Open certlm.msc console.
- Navigate to Certificates - Local Computer\Personal\Certificates.
- Find the corresponding certificate and right click it->All tasks->Export.
- Import the root certificate of the domain controller to Smart Card.
Best Regards,
Anne