Solved

Smart Card certificate not writing to card

Posted on 2012-04-06
Last Modified: 2012-04-21
Hi,

I am trying to get smart card authentication working in my test environment before rolling it out into production.

I am following this guide as it seems to be one of the more detailed guides online for Server 2008 R2:

http://henrysluiman.blogspot.co.uk/2011/12/installing-windows-2008-r2-certificate.html

My main aim is to allow smart card authentication on Remote Desktop Services.
But at the moment I cannot get my certificate to write to the card.

My setup consists of:
1 x DC with Server 2008 R2 Std installed
main Roles are:
Active Directory Certificate Services
Remote Desktop Services

1 x Windows 7 Pro virtual machine joined to the domain.
1 x Gemalto .Net Smart Card
1 x HID Omnikey 3121 Smart Card Reader


When following the guide I get to the part where I have to insert my smart card, and the screenshot depicts an 'enter your PIN' prompt.
However, I do not get that prompt.

Has anyone had any experience with .Net Smart Cards in a Server 2008 R2 environment?
Question by:P4AC
4 Comments
 
LVL 22

Expert Comment

by:Paka
ID: 37846543
The first thing that comes to mind is - did you download and install the Gemalto Smartcard Minidriver on your certificate issuing machine?  This driver is located here:

http://www.gemalto.com/products/dotnet_card/resources/libraries.html
0
 

Accepted Solution

by:
P4AC earned 0 total points
ID: 37851346
Hi,

I have now resolved this issue.

When I was duplicating the smart card user template, I was prompted to select from two options:
Windows Server 2003 Enterprise
or
Windows Server 2008 Enterprise

I was choosing 2008, but apparently this option does not let you configure any Cryptographic Service Provider settings.

After starting from scratch and choosing 2003, I can now configure correctly and have now managed to log on to a PC using a smart card.
0
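
To check which of the two versions a duplicated template was created as, and which Cryptographic Service Providers it lists, the templates can be read from Active Directory. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module is available and the account can read the configuration partition.

```powershell
# Added example: list certificate templates with their schema version and CSP list.
# Assumes a domain-joined machine with the ActiveDirectory module installed.
Import-Module ActiveDirectory

# Certificate templates are stored in the forest's configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

# Schema version as shown in the "Duplicate Template" dialog.
$versionLabel = @{
    2 = 'Windows Server 2003 Enterprise'
    3 = 'Windows Server 2008 Enterprise'
}

Get-ADObject -SearchBase $base -SearchScope OneLevel `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties displayName, 'msPKI-Template-Schema-Version', pKIDefaultCSPs |
  ForEach-Object {
    $schema = $_.'msPKI-Template-Schema-Version'

    $label = 'n/a'
    if ($schema -and $versionLabel.ContainsKey([int]$schema)) {
        $label = $versionLabel[[int]$schema]
    }

    # pKIDefaultCSPs entries have the form "<priority>,<provider name>".
    $csps = @($_.pKIDefaultCSPs | Sort-Object |
              ForEach-Object { ($_ -split ',', 2)[1] })
    if ($csps.Count -eq 0) { $csps = @('(none listed)') }

    New-Object PSObject -Property @{
        Template      = $_.displayName
        SchemaVersion = $schema
        DuplicatedAs  = $label
        CSPs          = ($csps -join '; ')
    }
  } |
  Sort-Object Template |
  Select-Object Template, SchemaVersion, DuplicatedAs, CSPs |
  Format-Table -AutoSize -Wrap
```

Comparing the row for a template that enrolls to the card with the row for one that does not shows whether the difference is the template version or the provider list.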
 

Author Closing Comment

by:P4AC
ID: 37875031
Went through troubleshooting steps with Microsoft support, who pointed me in the right direction.
0
