Cannot Logon using Smartcard

From: muhsinak (muhsinak_at_gmail.com)
Date: 10/29/05

  • Next message: Andrew Phillips: "MSDTC Security Log Failure Audits" 
    Date: 28 Oct 2005 23:55:58 -0700

    Hi all,

    I am trying to setup smart card logon in Windows 2003 domain. Setup
    Offline Rootca, and Enterprise Sub CA for certificate enrollment.
    Assigned DC certificates. Able to write certificate and public/private
    key pair to Smartcard. I am using Gemsafe libraries 4.2. Able to
    access the certifcates for email encryption and signing from the smart
    card. But only smartcard logon certifcates does not work.

    when I try to logon I am getting error, event id 11 on application log,
    saying an error occured while decrypting a message using the smartcard
    inserted: Access denied.

    Enabled Logon auditing, event id 537 on security log with status code
    0xc000006d substatus code: 0xc0000321

    I am using GemXpress Pro cards.

    Any hints.........

    Thanks
    Ahmad Muhsin A.K.

  • Next message: Andrew Phillips: "MSDTC Security Log Failure Audits"

    Relevant Pages

    • Re: Windows logon through smart card.
      ... A real PKINIT SC logon uses a private key on the card. ... architecture and to enable smart card logon we have to hook msgina. ... If its a certificate based logon then how ...
      (microsoft.public.platformsdk.security)
    • Re: Windows logon through smart card.
      ... The card vendor should have a CSP ... You are correct that the certificate is stored only on the smart card. ... The smart card's role is to SIGN the logon process using the PRIVATE KEY ...
      (microsoft.public.platformsdk.security)
    • Re: Problem with smart card login
      ... > and password if the smart card logon is not available. ... > If you do not want a user to logon with a particular certificate, ... For Windows 2000 it may ... > computer does cache the CRL. ...
      (microsoft.public.win2000.security)
    • Re: Problem with smart card login
      ... a user may be able to logon with username ... and password if the smart card logon is not available. ... If you do not want a user to logon with a particular certificate, ... computer does cache the CRL. ...
      (microsoft.public.win2000.security)
    • Re: Problem with smart card login
      ... >> and password if the smart card logon is not available. ... >> If you do not want a user to logon with a particular certificate, ... For Windows 2000 it ...
      (microsoft.public.win2000.security)