Revocation status error of certs, users are unable to login using smartcards.
We have users at out work that revice a revocation issue when they go to log into there machines at work. There was some server matiance done a few weeks ago when the issue started happening. I have narrowed the issue down to either or domain controler and the users pc. Some where along the way certs from the smart cards are not being read or the credentials are not making it to the DC or are being revoked by the DC. I enabled CAPI2 logging and this is the log. I could really use some help as we talked to our regional server admins and they do not know the answer to the problem. Any and all help will be greatly helpfull. Edit: Exact error, Unable to verify certificate revocation status Users did not have issues logging in with smartcards prior to work on the domain controler. Running a ipconfig /release /renew seems to temporaly fix the problem, also uninstalling desktop tumbleweed validator and reinstalling it seems to temp fix the problem till the machine is restarted. We are also using active client 6.1 and 6.2 both with the service packs, and we are running into this issue mostly on VISTA SP1 + System - Provider [ Name] Microsoft-Windows-CAPI2 [ Guid] {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} EventID 81 Version 0 Level 2 Task 80 Opcode 2 Keywords 0x8000000000000040 - TimeCreated [ SystemTime] 2010-05-20T13:36:59.831Z EventRecordID 3189 Correlation - Execution [ ProcessID] 5144 [ ThreadID] 5172 Channel Microsoft-Windows-CAPI2/Operational Computer |Changed for Security reasons| - Security [ UserID] S-1-5-21-45967694-2085236719-324618207-103109 - UserData - WinVerifyTrust ActionID {00AAC56B-CD44-11D0-8CC2-00C04FC295EE} - UIChoice WTD_UI_NONE [ value] 2 - RevocationCheck [ value] 0 - StateAction WTD_STATEACTION_IGNORE [ value] 0 - Flags [ value] 80000100 [ WTD_SAFER_FLAG] true [ CPD_USE_NT5_CHAIN_FLAG] true - FileInfo [ filePath] C:\Windows\System32\compmgmt.msc [ hasFileHandle] true - RegPolicySetting [ value] 23C00 [ WTPF_OFFLINEOK_IND] true [ WTPF_OFFLINEOK_COM] true [ WTPF_OFFLINEOKNBU_IND] true [ WTPF_OFFLINEOKNBU_COM] true [ WTPF_IGNOREREVOCATIONONTS] true - StepError [ stepID] 3 [ stepName] TRUSTERROR_STEP_SIP - Result The form specified for the subject is not one supported or known by the specified trust provider. [ value] 800B0003 - StepError [ stepID] 9 [ stepName] TRUSTERROR_STEP_MSG_SIGNERCOUNT - Result The form specified for the subject is not one supported or known by the specified trust provider. [ value] 800B0003 - StepError [ stepID] 32 [ stepName] TRUSTERROR_STEP_FINAL_OBJPROV - Result The form specified for the subject is not one supported or known by the specified trust provider. [ value] 800B0003 - StepError [ stepID] 33 [ stepName] TRUSTERROR_STEP_FINAL_SIGPROV - Result No signature was present in the subject. [ value] 800B0100 - StepError [ stepID] 34 [ stepName] TRUSTERROR_STEP_FINAL_CERTPROV - Result No signature was present in the subject. [ value] 800B0100 - EventAuxInfo [ ProcessName] CompMgmtLauncher.exe - CorrelationAuxInfo [ TaskId] {BDE7C829-93E6-413E-A5CD-BE1A67BC58F8} [ SeqNumber] 2 - Result No signature was present in the subject. [ value] 800B0100
May 20th, 2010 5:49pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics