This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 38%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Hi Team,
We have a 3 tier PKI infrastructure and recently renewed Root & Policy CA CRLs. We are started receiving the below error from the client machine trying to attempt windows client machine login. I've verified the smart card certificate from domain controller using the command "Certutil -verify -urlfetch <Certname.cer>" and it's working as expected, from the DC all the CRL locations are reachable and getting the latest CRLs. Could you please let me know how can I troubleshoot this further?
"The revocation status of the smart card certificate used for authentication could not be determined".
Hi there,
The target host is not able to validate the domain controller certificate, if It fails to obtain a CRL (or OCSP response) due to DNS or network issues, or A certificate in the chain or published CRL has expired.
Check out some additional troubleshooting steps from this forums https://social.technet.microsoft.com/Forums/en-US/d63f9b72-e6bf-4df0-877e-860e364e0481/smart-card-logon-not-working-until-i-disable-revocation-check?forum=winserversecurity
--If the reply is helpful, please Upvote and Accept it as an answer--
Hello,
I tried validating the DC certificate also from the client and the certificate check passed without any issues. And the issue is only when the Smartcard is trying to authenticate with a particular DC. All the requests that goes to other DCs are working fine.