Re: HELP....smart card certificate was not trusted - logon denied !

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 07/27/05


Date: Wed, 27 Jul 2005 12:27:03 -0500

In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
barabba72@hotmail.com says...
> Hi all,
>
> I have a particular user who cannot log on using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> The CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Does anyone have an idea?
> Thank you very much for your help.
>
>
Do the following command from both the client computer and the terminal
services computer. The command requires that you export the smart card
certificate as a DER or BASE64 file.

certutil -verify -urlfetch <certfile>

The output should provide information as to why the certificate is not
trusted.

Brian

-- 
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
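
Added example, not part of the original post or of Brian Komar's reply: a PowerShell sketch that runs the suggested certutil check and also builds the chain through .NET, so the per-certificate trust status from the client and from the terminal server can be compared side by side. It assumes PowerShell 5 or later; the function name, the output directory and the file name `smartcard.cer` are hypothetical.

```powershell
# Added example. Run on the client and on the terminal server, then compare reports.
function Get-CertChainReport {
    param(
        [Parameter(Mandatory)] [string] $CertFile,  # exported smart card certificate (DER or Base64)
        [string] $OutDir = '.'                      # assumption: where the certutil output is saved
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $path = (Resolve-Path -LiteralPath $CertFile).Path
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $path

    # Build the chain with online revocation checking for every element,
    # so an unreachable or stale CRL shows up against the certificate it affects.
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $trusted = $chain.Build($cert)

    $report = foreach ($element in $chain.ChainElements) {
        # ChainElementStatus is empty when this element has no trust problem
        $status = @($element.ChainElementStatus | ForEach-Object { $_.Status })
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Subject  = $element.Certificate.Subject
            NotAfter = $element.Certificate.NotAfter
            Status   = if ($status.Count) { $status -join ', ' } else { 'NoError' }
        }
    }

    # The command from the reply above; keep its full output for later comparison.
    $log = Join-Path $OutDir ('{0}-certutil-verify.txt' -f $env:COMPUTERNAME)
    certutil -verify -urlfetch $path | Out-File -FilePath $log -Encoding utf8

    Write-Host ('Chain trusted on {0}: {1} (certutil output in {2})' -f $env:COMPUTERNAME, $trusted, $log)
    $report
}

# smartcard.cer is a placeholder for the exported certificate file.
Get-CertChainReport -CertFile .\smartcard.cer | Format-Table -AutoSize
```

A difference in the Status column between the two machines points at the computer whose trust store or CRL retrieval needs attention.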

