FIM 2010 R2 CM - Writing more than one smartcard logon certificate to one smartcard

Hello!

When a smartcard is issued, and the certificate is written to it, and I try to write another certificate using FIM CM, to that card, I get an error that says that the card is being used and cannot be reused (therefore needs to be retired or formatted).

I'm looking for a solution for writing multiple user certificates to the same card, using FIM CM, and would like to know if it is at all possible.

PS-

Each certificate mentioned here, will be issued from a FIM CM server, located in a different domain. Meaning: the first certificate will be written using FIM CM in DomainA, the second one will be from another FIM CM, installed in DomainB, etc...

Thanks !

August 29th, 2013 4:45am

Hi Marom,

I had hoped someone else would answer that. :-)

I think that will not work because both FIM CMs will try to manage the card, e.g. setting the admin key, but only the first FIM CM would know the diversified admin key, and the second FIM CM would try to access the card with the default admin key and will fail (and will increase the failure counter by at least 1). By default, if the counter is 5, the card is blocked forever on the admin side.

I think you will also see authentication errors (e.g. RPC server not available) if you try to do cross-domain rollouts, but that also depends on how you define your card issuing process, renewing process, etc.

Btw: What is the background of your question? What do you plan to achieve? 

Regards,

Lutz

September 6th, 2013 12:23am


Thanks, Paul!

Do you know if there is a way of writing two certificates from the same FIM CM to a single smart card?

September 10th, 2013 9:42am


Right now, it seems as though we might try another approach, but if we reach a point, in which we'll want to try the 2-certs-one-card thing, I will repost here, and attach all of the relevant information.

Thanks a lot! :)

September 10th, 2013 9:48am

This topic is archived. No further replies will be accepted.
