Win7, VPN using client certificate.  Won't save setting, insists on using Smart Card

Berkson Wein
Berkson Wein used Ask the Experts™
on

I am working with a Microsoft VPN server setup that uses client certificates.  It works fine on all machines XP and Win 7, except for one new Win 7 machine.

This is a Windows 7 Pro laptop, an HP EliteBook 8460w.  It has a smart card slot which isn't being used.

The problem is that we're getting an error message:
Network Connections (window title)
Cannot load dialog.
Error 764: No smart card reader is installed.

It shouldn't be looking for a smart card reader.  In the VPN setup on the Security tab, Use Extensible Authentication Protocol (EAP) is selected and Microsoft: Smart Card or other certificate (encryption enabled).  Then under properties I select "Use a certificate on this computer" and complete the server names and root authorities.  

Now here's the oddity: if I click ok and ok again to close the vpn properties, when I go back to properties "Use my smart card" is selected not the radio button that tells it to use a certificate!

I can't imagine that this is a group policy issue, as other Win 7 pro machines are fine.  Unfortunately, there's not another HP  8460w laptop to test with.

Symantec Endpoint Protection 12.1 was originally installed on the machine.  Disabling it didn't make a difference.  Now I've uninstalled it completely, still with no change.  Everything else is a basic install, no different from the other machines in the network.

There's nothing that I see in the event log that relates.

I have uninstalled the Smart Card driver software package, stopped the smart card service, and disabled the smart card in the bios (and combinations).  Doesn't seem to make a difference.

Crazy right?

Any suggestions?  Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
0x6
Commented:
Have you tried creating a new VPN connection from Network and Sharing Center while not selecting 'Use a Smart Card' option and possibly delete the old one. When I select your options after creating the new connection they stay.
Berkson WeinTech Freelancer

Author

Commented:
Yep, been there done that.  I've deleted and recreated a bunch of times.  Different names and even a different IP address for the server.

The smart card / user certificate option in the drop down is one item, then you goto properties and select smart card OR certificate.
Top Expert 2016
Commented:
Symantec Endpoint does not uninstall fully.. you have to get a special utility from symantec support and also delete a bunch of registry entries
do you have any kind of broadband software you use, for example Verizon (VZaccess) or Spring (SmartView)?

If you do then, This fix is simple; uninstall the software, make your VPN settings (they will stick this time). Then reinstall the software for the broadband cards. The settings will remain in place.
Berkson WeinTech Freelancer

Author

Commented:
I had already used the cleanwipe tool from symantec to completely remove everything.  

serverman- thanks for that thought.  There is no broadband software on that machine either.

We've given up as the user was out of time - wound up reformatting completely, reinstalling everythnig (including SEP) and all is well in the world.  Too strange.  I wish that I had more time to diagnose...

Thanks for the help.
Tech Freelancer
Commented:
Had to reinstall the os due to time contraints, though other suggestions here might be helpful to others.
Berkson WeinTech Freelancer

Author

Commented:
Had to reinstall the os due to time contraints, though other suggestions here might be helpful to others.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial