Smartcard Logon with 3rd Party CA Certificates


I have posted many issues about smartcard logon in the past and most of
them were about error messages that I received. I should warn everybody
that most of those messages are not informative (do not concentrate on
them, MS disappointed me in smartcard related messages).

The most critical part about smartcard logon is the DC certificate. You
should install the DC certificate and related key pair into the
machine's certificate store, not the active user's certificate store. I
would also recommend using "certutil -scinfo -v -urlfetch" command
which will reveal all the problems in your system.