2003 enterprise CA smart card enrolment error
Hello,
Trying to enroll smart cards on behalf of another usrers and I am stuck.
Whenever I am trying to issue smartcard on behalf of another user I got error prompt:
1. "please insert the user's smart card" with info below
2. An unexpected error occurred. Error: Please insert the user's smart card.
No errors in event viewer on either workstation not CA, No certificate request reaches CA.
Has anyone had that problem before and could point me in the right direction please?
Using:
Gemplus gemSAFE Card CSP,
Microsoft Base Smart Card Crypto Provider installed on client and CA
Windows 2003 Enterprise Edition
AD integrated Issuing CA function
Cart type: GemPlus v2 smart card (its definitely not v3 by gemlto)
User has rights to read/enroll on certificate templates.
-Card reader drivers installed, can access certificate on smart card using GemSAFE tools, Gemplus SmartDiag v2.0 returns Passed the reader and the card it contains are OK
Trying to enroll smart cards on behalf of another usrers and I am stuck.
Whenever I am trying to issue smartcard on behalf of another user I got error prompt:
1. "please insert the user's smart card" with info below
2. An unexpected error occurred. Error: Please insert the user's smart card.
No errors in event viewer on either workstation not CA, No certificate request reaches CA.
Has anyone had that problem before and could point me in the right direction please?
Using:
Gemplus gemSAFE Card CSP,
Microsoft Base Smart Card Crypto Provider installed on client and CA
Windows 2003 Enterprise Edition
AD integrated Issuing CA function
Cart type: GemPlus v2 smart card (its definitely not v3 by gemlto)
User has rights to read/enroll on certificate templates.
-Card reader drivers installed, can access certificate on smart card using GemSAFE tools, Gemplus SmartDiag v2.0 returns Passed the reader and the card it contains are OK
ASKER
enrollment agent satiation is XP SP3 with enrollment agent (user not computer)
used to put card when it prompts for it (after selecting smart card user), I also checked it with
yes I tried your suggestions with no luck so far.
used to put card when it prompts for it (after selecting smart card user), I also checked it with
yes I tried your suggestions with no luck so far.
I would suggest reinitializing the card using the vendor software then trying again, or trying another batch of cards if available.
Also, if you have not done a cold boot, I would suggest doing that as well - when powered off, try reseating the reader.
If you have multiple readers, try using only one instead and if that doesn't work try the other.
Otherwise, I would suggest contacting gemalto and seeing if they have product updates that you can get that might help out. They may also be able to help diagnosing by instructing you how to enable logging for their middleware and assist in reading the logs to determine the specific cause.
Also, if you have not done a cold boot, I would suggest doing that as well - when powered off, try reseating the reader.
If you have multiple readers, try using only one instead and if that doesn't work try the other.
Otherwise, I would suggest contacting gemalto and seeing if they have product updates that you can get that might help out. They may also be able to help diagnosing by instructing you how to enable logging for their middleware and assist in reading the logs to determine the specific cause.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for suggestions,
there is just 1 smart card reader in device manager
so far:
1. I restarted workstation/CA after every single change I made
2. tried it on 2 different card readers
3. contacted gemalto and waiting for their respond.
in the meantime will:
-try different PC as enrollment agent (possibly with xp SP2)
-have play with certutil/certreq
-produce csp debug log
regards,
there is just 1 smart card reader in device manager
so far:
1. I restarted workstation/CA after every single change I made
2. tried it on 2 different card readers
3. contacted gemalto and waiting for their respond.
in the meantime will:
-try different PC as enrollment agent (possibly with xp SP2)
-have play with certutil/certreq
-produce csp debug log
regards,
How are things going on this issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Wow - you should ask for a refund and just get the cards straight from gemalto. Subvendors of smartcards do too many crazy things too often and you end up with half a product (software or card) if you're lucky. Who wants a CA specific card for smartcard logon? Maybe if you had a tool to declare your own CA... even that I would be annoyed by in most cases.
Have you tried with card already inserted and also without the card inserted (insert card when prompted)? With card already in, you can try leaving it logged out of the card and also after logging into the card via the gemplus utilities.