Smart Card on Windows Server 2008 R2 Domain Controller
I had Windows 2003 domain controllers (DCs) and XP and Vista clients.
I had enabled the cryptographic logon (CLO) using the common access card (CAC) smart card and was successful and working fine.
Then I upgraded my domain to Windows 2008 R2 DCs and Windows 7 clients and now the CLO is having an issue.
The error says: "The system could not log you on. You cannot use a smart card to log on because smart card log on is not supported for your user account.” I have a test account using CAC UPN and I enabled smart
card is required for interactive logon meaning it is locked down for smart card only. Rebooted the DC and the client, but the error persists. I also followed the Guidelines for enabling smart card logon with third-party certification
authorities http://support.microsoft.com/kb/281245 suggested by
Joson Zhou, MSFT Moderator.
Any help is highly appreciated.
June 21st, 2010 6:57pm
Hello Pat,
a) Where can I find the EKU in my smart card?
b) This eror is before the prompt for my PIN.
V/r,
Dalailama
Free Windows Admin Tool Kit Click here and download it now
July 19th, 2010 6:53pm
Hi Pat,
The EKU are Smart Card Logon, Client Authentication and Secure Email.
v/r,
DalaiLama
July 19th, 2010 7:04pm
Hi Morten,
I added the DC cert and it worked. Thanks.
v/r,
DalaiLama
Free Windows Admin Tool Kit Click here and download it now
July 21st, 2010 4:29pm
Glad you got it sorted :)
July 22nd, 2010 11:49am
Hi,
Please let me know the steps do this.
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2012 1:33pm