FIM CM SmartCard Logon error
I have got FIM CM issuing SmartCards and Retiring SmartCards manually. However, when I try to login with the SmartCard I get the following error: The system could not log you on. The server authenticating you reported an error (0x00000BB)……… The client operating system I’m trying is XP Professional SP3 and has the relevant Base CSP and card reader software installed (this is the client I use to issue the card etc). It is a Windows 2008 R2 Domain Controller. Anybody got any ideas?
April 28th, 2010 11:46am

Hi, I don't think your problem is related to FIM. Please verify the following to have a successful SC logon:
1) Have you chosen the SC Logon template in your FIM Profile template?
2) Have you checked that your domain controllers have a Domain Controller certificate in their machine store?
3) Try a certutil -scinfo from your client machine in command line mode to see if the certificate in your card is OK.
4) Try a PIN change using the FIM Client to see if your BaseCSP+Minidriver installation is OK.
Which card are you using? Good luck, Anthony
April 28th, 2010 12:27pm

1) Have you chosen the SC Logon template in your FIM Profile template? - Created a duplicate template and the FIM CM profile template is referencing this one.
2) Have you checked that your domain controllers have a Domain Controller certificate in their machine store? - The DC has a valid certificate showing in its store.
3) Try a certutil -scinfo from your client machine in command line mode to see if the certificate in your card is OK - Ran this and no errors reported.
4) Try a PIN change using the FIM Client to see if your BaseCSP+Minidriver installation is OK? - Yes, this works fine.
I'm using the Gemalto .NET solutions card. I'm currently rebuilding a new Virtual environment to go through the settings I made to ensure that I didn't miss anything out.
April 28th, 2010 1:10pm

I found the issue with this. The problem I believe was that I was using the original Domain Controller Authentication Certificate. What I noticed in all the threads is that people were talking about KDC. After looking I noticed a Kerberos Authentication certificate. This certificate has all the correct application policies. I duplicated this and replaced the original certificate with this new one and it worked!!!
April 29th, 2010 2:00pm
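
A check for the cause identified in the last post, as an added example that is not part of the thread: it lists the certificates in the domain controller's machine store with their enhanced key usages and flags whether any carries KDC Authentication, the application policy that the Kerberos Authentication template includes and Domain Controller Authentication does not. The OIDs are the standard values, not taken from the thread, and `Get-DcCertEkuReport` is a hypothetical helper name.

```powershell
# Added example; run on the domain controller in an elevated PowerShell session.
# Standard EKU OIDs (not taken from the thread).
$EkuNames = @{
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
    '1.3.6.1.5.2.3.5'        = 'KDC Authentication'
}
$KdcAuthOid = '1.3.6.1.5.2.3.5'

# Hypothetical helper: summarise the EKUs of each certificate passed in.
function Get-DcCertEkuReport {
    param([object[]]$Certificates)
    foreach ($cert in $Certificates) {
        # Collect EKU OIDs from the Enhanced Key Usage extension, if present.
        $oids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $oids += @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
        }
        # Translate known OIDs to names; keep unknown OIDs as-is.
        $names = @($oids | ForEach-Object {
            if ($EkuNames.ContainsKey($_)) { $EkuNames[$_] } else { $_ }
        })
        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Expired    = ($cert.NotAfter -lt (Get-Date))
            EKUs       = ($names -join ', ')
            HasKdcAuth = ($oids -contains $KdcAuthOid)
        }
    }
}

$report = @(Get-DcCertEkuReport -Certificates @(Get-ChildItem Cert:\LocalMachine\My))
$report | Select-Object Subject, NotAfter, Expired, HasKdcAuth, EKUs | Format-List

# Warn when no usable certificate in the store carries the KDC Authentication EKU.
if (-not ($report | Where-Object { $_.HasKdcAuth -and -not $_.Expired })) {
    Write-Warning 'No unexpired certificate with the KDC Authentication EKU in LocalMachine\My.'
}
```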
