In the event logs, I noticed the following error: "The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate." I found the following microsoft article: http://technet.microsoft.com/en-us/library/cc734096%28WS.10%29.aspx The problem is that when I go to delete the Domain Controller certificate within the "Personal" folder, its not there. And when I try to request a new one, it does not allow me to. It says: "Certificate types are not available" Any ideas?

Hi Customer, Please install AD Certificate Services Role on your DC, which auto created new enterprise root cert (or you import the old root cert). It will allow you to create a DC certificate in the personal folder. Regards, Rick Tan