Sign in with
Sign up | Sign in
Your question

HELP....smart card certificate was not trusted - logon den..

Last response: in Windows 2000/NT
Share
Anonymous
July 27, 2005 12:51:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi all,

I have a particular user who cannot logon using his smart card. He was
able to use it until yesterday.
The terminal server says that "the smart card certificate used for
authentication was not trusted".

Other users have no problems in logging on to the domain using smart
cards.

I checked the user's published certificate and it's ok, still valid.
the CRL distribution point is also fine and still valid. I already
checked Microsoft Knowledge Base 281245.

Windows 2000 domain - PKI,
Windows 2003 Terminal Server
Windows XPE Thin Clients in workgroup
ActivCard Gold 2.3.1

Anyone has an idea ?
Thank you very much for your help.
Anonymous
July 27, 2005 4:14:02 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thank you both for your helping me. I really appreciate it.
Tomorrow I will check what you suggest and will post any results.

Regards.

Brian Komar wrote:
> In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
> barabba72@hotmail.com says...
> > Hi all,
> >
> > I have a particular user who cannot logon using his smart card. He was
> > able to use it until yesterday.
> > The terminal server says that "the smart card certificate used for
> > authentication was not trusted".
> >
> > Other users have no problems in logging on to the domain using smart
> > cards.
> >
> > I checked the user's published certificate and it's ok, still valid.
> > the CRL distribution point is also fine and still valid. I already
> > checked Microsoft Knowledge Base 281245.
> >
> > Windows 2000 domain - PKI,
> > Windows 2003 Terminal Server
> > Windows XPE Thin Clients in workgroup
> > ActivCard Gold 2.3.1
> >
> > Anyone has an idea ?
> > Thank you very much for your help.
> >
> >
> Do the following command from both the client computer and the terminal
> services computer. The command requires that you export the smart card
> certificate as a DER or BASE64 file.
>
> certutil -verify -urlfetch <certfile>
>
> The output should provide information as to why the certificate is not
> trusted.
>
> Brian
> --
> ==
> Brian Komar
> MVP - Windows - Security
> http://www.identit.ca/blogs/brian
Anonymous
July 27, 2005 4:27:03 PM

Archived from groups: microsoft.public.win2000.security (More info?)

In article <1122479483.985641.177310@f14g2000cwb.googlegroups.com>,
barabba72@hotmail.com says...
> Hi all,
>
> I have a particular user who cannot logon using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> the CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Anyone has an idea ?
> Thank you very much for your help.
>
>
Do the following command from both the client computer and the terminal
services computer. The command requires that you export the smart card
certificate as a DER or BASE64 file.

certutil -verify -urlfetch <certfile>

The output should provide information as to why the certificate is not
trusted.

Brian
--
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
Anonymous
July 27, 2005 11:18:12 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,

Can you run PKI Health tool (it is in Windows Server 2003 Resource Kit
Tools) on this computer? It might give you an idea what could be wrong
(maybe it can't reach CRL or CRL is out of date etc...).

Can this user logon to any other PC in domain?

--
Mike
Microsoft MVP - Windows Security

<barabba72@hotmail.com> wrote in message
news:1122479483.985641.177310@f14g2000cwb.googlegroups.com...
> Hi all,
>
> I have a particular user who cannot logon using his smart card. He was
> able to use it until yesterday.
> The terminal server says that "the smart card certificate used for
> authentication was not trusted".
>
> Other users have no problems in logging on to the domain using smart
> cards.
>
> I checked the user's published certificate and it's ok, still valid.
> the CRL distribution point is also fine and still valid. I already
> checked Microsoft Knowledge Base 281245.
>
> Windows 2000 domain - PKI,
> Windows 2003 Terminal Server
> Windows XPE Thin Clients in workgroup
> ActivCard Gold 2.3.1
>
> Anyone has an idea ?
> Thank you very much for your help.
>
!