Howdy everyone,

So...I've grabbed up some Gemalto .NET 2.0 smart cards to hopefully use as A.D. authentication and other various requirements. So, what I've done is on my PKI

Requested an Enrollment Agent cert

Duplicated the template Smartcard Logon and set accordingly:
* Purpose: Signature and smartcard login
* Cryptography: Must use one of the following: Microsoft Base Smart Card Crypto Provider
* Issuance: Requires 1 signature, Application Policy/Certificate Request Agent

I'm able to successfully get a cert and confirmed with the certutil scinfo command.

When I try to RDP to a server or workstation I get the following message

Remote Desktop Connection
An authentication error has occurred
The function requested is not supported

Remote computer: *computer name*

When logging in directly onto a machine (after PIN verification):

Signing in with a smart card isn't supported for your account

I have Domain Controller certs on my DC's (combination of 2008 R2 and 2012) that include purposes of  Client/Server/Smart Card Logon

I'm obviously forgetting something?

Thanks

• Edited by CompNerd84 Wednesday, August 26, 2015 3:33 PM formatting

Hi Amy,

Yes, I have the Kerberos Authentication template issued to them as well.

Hi,

In that case, I have no more ideas.

Have you contacted your smart card vendor?

Best Regards,

Amy