Smart Card logon after migrating certificate authority

Brandon Castor 1 Reputation point
2022-01-18T18:05:01.75+00:00

I did a CA migration in a domain from Windows Server 2008 to 2019. Smart card logon was set up and it was working fine before the migration took place. I followed the usual steps of migrating a CA: CA and regedit backup and restore. I checked that the 3rd party certificate chain from the smart card was trusted and distributed on the domain and made sure that the chain was also in NTAuthCertificates. When trying to log in with a smart card I get "Signing in with a smart card isn't supported for your account. For more info, contact your administrator". I disabled CRL checking just in case that could have caused an issue, but I kept getting the same issue. Is there anything else that has to be done after a migration to ensure that smart card logon is still working?


1 answer

  1. Limitless Technology 39,336 Reputation points
    2022-01-25T17:12:40.717+00:00

    Hello BrandonCastor,

    Thank you for your question and for reaching out.

    I understand you are facing an issue with smart card login after the migration of your CA.

    It can be an issue with the KDC certificate, which may not have been updated after the migration of the CA. I suggest you check the event logs on your DC and on your CA server while logging in using a smart card.

    Let me share some good troubleshooting thread URLs which should be helpful in resolving this issue.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/490e103f-ced1-4fde-ac84-51d0991e7f8f/smartcard-logon-not-supported-for-your-user-account?forum=winserversecurity

    https://social.technet.microsoft.com/Forums/ie/en-US/1707f046-8362-441b-99e9-00cf9149f6c5/smartcard-login-is-not-supported-for-your-account?forum=winservergen

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/7d416107-bff4-45ab-876a-81fe56a68e25/kdc-can-not-find-a-suitable-certificate-for-smart-card-logon?forum=winserversecurity

    https://social.technet.microsoft.com/Forums/windows/en-US/caaf63e9-f9c7-4fe5-ba95-045fa2d27b5d/authenticate-to-the-domain-using-a-smart-card?forum=w7itprosecurity


    --If the reply is helpful, please Upvote and Accept as answer--

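The checks the answer points to (the domain controller's KDC certificate and the DC event logs), written out as an added example that is not part of the original thread. It assumes an elevated PowerShell session on a domain controller; the one-hour event window is an assumption and should cover a reproduced failed logon.

```powershell
# Added example: run in an elevated PowerShell session on a domain controller.
$ekuNames = [ordered]@{
    '1.3.6.1.5.2.3.5'        = 'KDC Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
}

# 1. Inspect every certificate in the DC's machine store: expiry, private key,
#    relevant EKUs, and whether the chain still builds after the CA migration.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert    = $_
    $oids    = @($cert.EnhancedKeyUsageList.ObjectId)
    # $true = build the chain in the machine context, as the KDC service would.
    $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    $chainOk = $chain.Build($cert)
    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        Expired       = $cert.NotAfter -lt (Get-Date)
        HasPrivateKey = $cert.HasPrivateKey
        RelevantEkus  = ($ekuNames.Keys | Where-Object { $oids -contains $_ } |
                         ForEach-Object { $ekuNames[$_] }) -join ', '
        ChainBuilds   = $chainOk
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
} | Format-List

# 2. Dump the enterprise NTAuth store to compare against the smart card's issuing CA.
certutil -enterprise -store NTAuth

# 3. Let certutil enumerate and verify the certificates of all domain controllers.
certutil -dcinfo verify

# 4. KDC events from the last hour (assumed window; reproduce the failed logon first).
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    StartTime    = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```

A DC certificate that is expired, has no private key, or no longer builds a chain to the migrated CA is the first thing to re-enroll before looking further.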