HELP....smart card certificate was not trusted - logon den..
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
Hi all,
I have a particular user who cannot logon using his smart card. He was
able to use it until yesterday.
The terminal server says that "the smart card certificate used for
authentication was not trusted".
Other users have no problems in logging on to the domain using smart
cards.
I checked the user's published certificate and it's ok, still valid.
the CRL distribution point is also fine and still valid. I already
checked Microsoft Knowledge Base 281245.
Windows 2000 domain - PKI,
Windows 2003 Terminal Server
Windows XPE Thin Clients in workgroup
ActivCard Gold 2.3.1
Anyone has an idea ?
Thank you very much for your help.
Hi all,
I have a particular user who cannot logon using his smart card. He was
able to use it until yesterday.
The terminal server says that "the smart card certificate used for
authentication was not trusted".
Other users have no problems in logging on to the domain using smart
cards.
I checked the user's published certificate and it's ok, still valid.
the CRL distribution point is also fine and still valid. I already
checked Microsoft Knowledge Base 281245.
Windows 2000 domain - PKI,
Windows 2003 Terminal Server
Windows XPE Thin Clients in workgroup
ActivCard Gold 2.3.1
Anyone has an idea ?
Thank you very much for your help.
More about : smart card certificate trusted logon den
Archived from groups: microsoft.public.win2000.security (More info?)
Thank you both for your helping me. I really appreciate it.
Tomorrow I will check what you suggest and will post any results.
Regards.
Brian Komar wrote:
> In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
> barabba72@hotmail.com says...
> > Hi all,
> >
> > I have a particular user who cannot logon using his smart card. He was
> > able to use it until yesterday.
> > The terminal server says that "the smart card certificate used for
> > authentication was not trusted".
> >
> > Other users have no problems in logging on to the domain using smart
> > cards.
> >
> > I checked the user's published certificate and it's ok, still valid.
> > the CRL distribution point is also fine and still valid. I already
> > checked Microsoft Knowledge Base 281245.
> >
> > Windows 2000 domain - PKI,
> > Windows 2003 Terminal Server
> > Windows XPE Thin Clients in workgroup
> > ActivCard Gold 2.3.1
> >
> > Anyone has an idea ?
> > Thank you very much for your help.
> >
> >
> Do the following command from both the client computer and the terminal
> services computer. The command requires that you export the smart card
> certificate as a DER or BASE64 file.
>
> certutil -verify -urlfetch <certfile>
>
> The output should provide information as to why the certificate is not
> trusted.
>
> Brian
> --
> ==
> Brian Komar
> MVP - Windows - Security
> http://www.identit.ca/blogs/brian
Thank you both for your helping me. I really appreciate it.
Tomorrow I will check what you suggest and will post any results.
Regards.
Brian Komar wrote:
> In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
> barabba72@hotmail.com says...
> > Hi all,
> >
> > I have a particular user who cannot logon using his smart card. He was
> > able to use it until yesterday.
> > The terminal server says that "the smart card certificate used for
> > authentication was not trusted".
> >
> > Other users have no problems in logging on to the domain using smart
> > cards.
> >
> > I checked the user's published certificate and it's ok, still valid.
> > the CRL distribution point is also fine and still valid. I already
> > checked Microsoft Knowledge Base 281245.
> >
> > Windows 2000 domain - PKI,
> > Windows 2003 Terminal Server
> > Windows XPE Thin Clients in workgroup
> > ActivCard Gold 2.3.1
> >
> > Anyone has an idea ?
> > Thank you very much for your help.
> >
> >
> Do the following command from both the client computer and the terminal
> services computer. The command requires that you export the smart card
> certificate as a DER or BASE64 file.
>
> certutil -verify -urlfetch <certfile>
>
> The output should provide information as to why the certificate is not
> trusted.
>
> Brian
> --
> ==
> Brian Komar
> MVP - Windows - Security
> http://www.identit.ca/blogs/brian
Archived from groups: microsoft.public.win2000.security (More info?)
In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
barabba72@hotmail.com says...
> Hi all,
>
> I have a particular user who cannot logon using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> the CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Anyone has an idea ?
> Thank you very much for your help.
>
>
Do the following command from both the client computer and the terminal
services computer. The command requires that you export the smart card
certificate as a DER or BASE64 file.
certutil -verify -urlfetch <certfile>
The output should provide information as to why the certificate is not
trusted.
Brian
--
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
barabba72@hotmail.com says...
> Hi all,
>
> I have a particular user who cannot logon using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> the CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Anyone has an idea ?
> Thank you very much for your help.
>
>
Do the following command from both the client computer and the terminal
services computer. The command requires that you export the smart card
certificate as a DER or BASE64 file.
certutil -verify -urlfetch <certfile>
The output should provide information as to why the certificate is not
trusted.
Brian
--
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
Archived from groups: microsoft.public.win2000.security (More info?)
Hi,
Can you run PKI Health tool (it is in Windows Server 2003 Resource Kit
Tools) on this computer? It might give you an idea what could be wrong
(maybe it can't reach CRL or CRL is out of date etc...).
Can this user logon to any other PC in domain?
--
Mike
Microsoft MVP - Windows Security
<barabba72@hotmail.com> wrote in message
news:1122479483.985641.177310@f14g2000cwb.googlegroups.com...
> Hi all,
>
> I have a particular user who cannot logon using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> the CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Anyone has an idea ?
> Thank you very much for your help.
>
Hi,
Can you run PKI Health tool (it is in Windows Server 2003 Resource Kit
Tools) on this computer? It might give you an idea what could be wrong
(maybe it can't reach CRL or CRL is out of date etc...).
Can this user logon to any other PC in domain?
--
Mike
Microsoft MVP - Windows Security
<barabba72@hotmail.com> wrote in message
news:1122479483.985641.177310@f14g2000cwb.googlegroups.com...
> Hi all,
>
> I have a particular user who cannot logon using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> the CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Anyone has an idea ?
> Thank you very much for your help.
>
Related ressources:
- ForumSmart Card Certificate Enrollment Station ... problem
- ForumPKI SC Logon with no UPN.
- ForumProblems enabling smart card login on windows 2000
- ForumSingle Sign-on authentication using Smart Cards
- ForumGood system, but very low FPS on SC2!
- ForumAsus P5N32-SLI Premium Will Not Repost
- ForumHow many Watts do I need?
- ForumCan i run more then one session on the computer?
- ForumXP/ME Network problem
- ForumAttn. MVPs/MSFT - Q: different authentication methods for ..
- ForumVista Offers Nothing to Gamers
- ForumTask Manager Hell!!!!!
- ForumWindows task manager
- ForumHelp me choose 5.1 speakers
- ForumParallel and com ports not appearing in device manager
- ForumAnyone know how to get a 16k GemSafe card to work for logo..
- ForumHelp with VPN certificate
- ForumPlease help me
- ForumLogon/Logoff Failure Audit - Event 537 in Windows Server 2..
- ForumLogon Locally problem.
- More resources
!
