Smart card Windows authentication error

Shan T 1 Reputation point
2021-11-21T05:46:13.263+00:00

Hi Team,

We have a 3-tier PKI infrastructure and recently renewed the Root & Policy CA CRLs. We started receiving the below error from a client machine attempting a Windows client machine login. I've verified the smart card certificate from the domain controller using the command "Certutil -verify -urlfetch <Certname.cer>" and it's working as expected; from the DC, all the CRL locations are reachable and it is getting the latest CRLs. Could you please let me know how I can troubleshoot this further?

"The revocation status of the smart card certificate used for authentication could not be determined".

Windows Server Security

1 answer

  1. Limitless Technology 37,351 Reputation points
    2021-11-24T10:03:53.84+00:00

    Hi there,

    The target host is not able to validate the domain controller certificate if it fails to obtain a CRL (or OCSP response) due to DNS or network issues, or if a certificate in the chain or a published CRL has expired.

    Check out some additional troubleshooting steps from this forum: https://social.technet.microsoft.com/Forums/en-US/d63f9b72-e6bf-4df0-877e-860e364e0481/smart-card-logon-not-working-until-i-disable-revocation-check?forum=winserversecurity


    --If the reply is helpful, please Upvote and Accept it as an answer--
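
To see which certificate in a chain produces the "revocation status could not be determined" condition discussed above, the following PowerShell script builds the chain with online revocation checking and reports the status of each element. It is an added example, not part of the original question or answer; `$CertPath` is an assumed parameter pointing at an exported .cer file (the smart card certificate or the domain controller certificate), and the script is meant to be run on the machine that reports the error.

```powershell
# Added example: per-element revocation status for a certificate chain.
# $CertPath is a hypothetical path to an exported .cer file.
param(
    [Parameter(Mandatory)][string]$CertPath
)

$ns   = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$ns.X509Certificate2" -ArgumentList (Resolve-Path $CertPath).Path

# Build the chain the way a revocation-enforcing consumer would:
# fetch CRL/OCSP data online for every certificate below the root.
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode      = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag      = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

$chainOk = $chain.Build($cert)

$report = foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate

    # OID 2.5.29.31 = CRL Distribution Points extension
    $cdp = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

    $status = @($element.ChainElementStatus)
    [pscustomobject]@{
        Subject  = $c.Subject
        Issuer   = $c.Issuer
        NotAfter = $c.NotAfter
        # RevocationStatusUnknown / OfflineRevocation here identifies the
        # tier whose CRL could not be fetched or is no longer valid.
        Status   = if ($status.Count) { ($status | ForEach-Object { $_.Status }) -join ', ' } else { 'NoError' }
        Detail   = ($status | ForEach-Object { $_.StatusInformation.Trim() }) -join ' '
        CDP      = if ($cdp) { $cdp.Format($false) } else { '(none)' }
    }
}

$report | Format-List
"Chain valid with revocation checking: $chainOk"
```

Comparing the output from the client with the output from the domain controller shows whether the two machines differ in which CRL locations they can reach. `certutil -urlcache CRL` on the same machine lists the CRLs it currently has cached.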