Re: Problems loggin in Windows Vista with a smart card enabled acc




Hello Alex,
I'm afraid I didn't solve the problem, and I kind of gave up on it for now.
Sorry. I wish you good luck and I hope you find a solution soon. If you do,
I'd love to hear how you do it :-)

Best regards.
-- Gloria.

"alexzamora@xxxxxxxxx" wrote:

Hello Gloria,


Did you already fix this problem? I have the same problem. Dou you
have any clue or hint?






On Jun 30, 4:10 pm, glosoria <gloso...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
"DaveMo" wrote:
On Jun 29, 8:43 am, glosoria <gloso...@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
Hello everybody,

I am having problems setting up a scenario in which I can log on to an
account configured for smart card logon in Windows Vista.
I think I comply with all the specified requirements pointed out
in the paper published by Microsoft that is titled 'Windows Vista Smart Card
Infrastructure'().
When I try to log on I get an error saying "The system could not log you on.
Your credentials could not be verified" and in event viewer I can see the
following error:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event";>
- <System>
<Provider Name="Smart Card Logon" />
<EventID Qualifiers="1">7</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-06-29T12:32:12.000Z" />
<EventRecordID>414</EventRecordID>
<Channel>Application</Channel>
<Computer>gloriasLaptop.cyum.es</Computer>
<Security />
</System>
- <EventData>
<Data>El proveedor no pudo realizar la acción ya que el contexto se
adquirió de forma silenciosa.</Data>
<Binary>22000980</Binary>
</EventData>
</Event>

The error message in english is: error in the signature using the inserted
smart card: the provider couldn't do such operation because the
context was acquired in a silent way.

Any clues why this is happening?

Thanks in advance.

Totally a guess, but did you get prompted for a PIN when you tried to
logon? The provider may be returning a "no PIN prompt" flag and the SC
logon requirement may not like that.

Again, just a guess.

Dave

Hello Dave,

As a matter of fact I do get prompted for a PIN. When logged in Vista, I
press CTRL + ALT + DEL to be able to log on with a different account. The
logonUI displays three different tiles for me to use for logon:
1. The firs tile is the one that is used to log on with username and
password on the local computer.
2. The second tile says "other user"
3. The third tile says "smart card"
So I choose the third option, and I insert the smart card. I assume the
logon process works fine for the first part because the next thing that
happens is that my personal information (my full name-Universal Principal
Name and my email - Subject Alternative Name) get displayed. This
informations has been read from the certificate stored in my smart card.
Under this information there's a text box titled "PIN". There's also a third
text-box that's used to introduce hints (I activated this throught the local
Policy Group Settings). In the hint I write the account I want to log on to:
gloria.soria@xxxxxxxxxxxxxx the domain_name.es is my domain's name. Which my
computer has previously joined.
After I write the PIN I click on the arrow for the logon process to begin,
and that's when I get the "Your credentials could not be verified" error.

By the way, is there any way I can debug my card module while doing logon? I
tried writing to a file, but this doesn't work.

Thank you.- Hide quoted text -

- Show quoted text -


.



Relevant Pages

  • Re: Problems loggin in Windows Vista with a smart card enabled acc
    ... account configured for smart card logon in Windows Vista. ... in the paper published by Microsoft that is titled 'Windows Vista Smart Card ... The provider may be returning a "no PIN prompt" flag and the SC ... press CTRL + ALT + DEL to be able to log on with a different account. ...
    (microsoft.public.platformsdk.security)
  • Re: TSG 2008 / Smart card logon failes
    ... that ts-server displays my smart card and prompt to enter the pin ... if i reconnect to a disconnected session the logon works fine - but not the ... client recognises smartcard and prompts for PIN. ...
    (microsoft.public.windows.terminal_services)
  • Re: Single Sign-on authentication using Smart Cards
    ... screen and enter my PIN this does not log me onto the domain. ... question is how do you tie in domain logon information with the Smart Card? ...
    (microsoft.public.win2000.security)
  • RE: Certs on smart card, re-prompting for PIN (Internet Explorer 6)
    ... If the CERTIFICATE is protected with PIN, ... Most Smart Card software allows the caching of the PIN (ie. won't prompt ... would establish an SSL connection between client and server - and the ... I notice that the smart card "middleware" has settings for either ...
    (microsoft.public.platformsdk.security)
  • Re: Local system and user account - registry
    ... If their account is set to to use a Smart Card then they are forced to use a Smart ... Either they logon as "User Name" or with a Smart Card. ... Since you're checking this registry value in your script I'm assuming ... or a logon with a UPN will both cause your script to ...
    (microsoft.public.security)