Skip to main content

Questions tagged [smartcard]

A smartcard is a cryptographic device, an HSM of sorts, that is programmable and may be used for identification, authentication, private key storage, digital signatures, and other security functions.

Filter by
Sorted by
Tagged with
0 votes
2 answers
128 views

Managing passwords of many remote servers

I routinely login to many remote servers through SSH. I use a public/private SSH key to login without having to enter my password (https://linuxize.com/post/how-to-setup-passwordless-ssh-login/). ...
a06e's user avatar
  • 395
0 votes
1 answer
371 views

Windows hello for business: remove certificate from virtual smartcard

I've managed to add a certificate to windows hello for signin to RDP. See: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/rdp-sign-in?tabs=intune However ...
AnalyticaL's user avatar
0 votes
0 answers
462 views

Unblock virtual smart card

I've setup a virtual smart card by following this guide. It worked fine until someone locked out the virtual smart card and now it's blocked. When I try to use it with the correct code to sign in to ...
josibu's user avatar
  • 179
0 votes
1 answer
2k views

"Signing in with a smart card isn't supported for your account"

We ran into an issue today where suddenly none of our users could log into their workstations using Smart Cards. The error occurred with a fresh logon or after a 'switch user' but not when logging on ...
duct_tape_coder's user avatar
1 vote
0 answers
537 views

Need help figure out why I can logon to Windows with a revoked smartcard certificate

I am adding smart card login to our domain and have got almost everything working properly except that when I revoke the certificate on our Enterprise CA I can still log into computers. I have checked ...
Andy Haer's user avatar
0 votes
0 answers
164 views

How to set file permissions if user logged on using Smart Card or Windows Hello for Business

I have a hybrid joined Windows domain and have set up log-on with Smart Cards and Windows Hello for business. I would like to be able to set file server permissions based on whether a user logged on ...
Andy Haer's user avatar
2 votes
1 answer
470 views

Exporting a PFX file for Smartcard authentication driver issues

I have a ACR122 Smartcard reader I am attempting to export a PFX certificate to for password-less authentication. I have everything set up on the active directory server, but am stuck on the simplest ...
JimmyP624's user avatar
0 votes
1 answer
2k views

Smart card reader not able to detect in remote host

I have a situation where Host A (USB smart card reader connected) trying to RDP'ed to Host B, however, Host B was not able to detect the smart card reader on Host A in the remote session. Thing I have ...
Learning_Windows's user avatar
1 vote
1 answer
192 views

How do I get my server HSM working while connected via RDP? (Win 2019)

The error I get from pkcs11-tool.exe is "No slots." My server has a hardware security module (Nitrokey HSM 2) that becomes inaccessible once I connect to my server via Windows Remote Desktop....
Jacob Bruinsma's user avatar
0 votes
0 answers
1k views

Axway Desktop Validator

I have a windows server 2008R2 set up, we recently updated our servers personal certs and did a network reboot. Everything was fine for a few days until our weekly network reboot took place and from ...
techbuffalo's user avatar
0 votes
1 answer
2k views

Making (virtual) smartcard available to system service

I have a VM running Windows Server 2019 Datacenter Core, which is running a Jenkins build agent as a noninteractive service with its own local user account (.\build). Now I'd like to add code signing. ...
Simon Richter's user avatar
-2 votes
2 answers
1k views

Active Directory 2 Factor Authentication with Smartcards

I need 2 Factor Authentication with Smartcards, so i want to login with an Password and a Smartcard. I know that Smartcards have passwords, but my company doesn't like this solution. Is there a way to ...
Björn Max Jakobsen's user avatar
0 votes
0 answers
3k views

Trying to create a Powershell script to connect to a server via smart card

Sorry if this is in the wrong community but it seemed the best. My organization is trying to automate the commands that it has done manually before (Indexing computer storage, etc.). However, we use ...
Qiangong2's user avatar
  • 101
0 votes
1 answer
286 views

RDP Credentials Manager hangs when NFC pad has been connected

I'm struggling with a problem with RDP in a local domain environment. Everything usually works perfectly, and I can remote into any client or server within the domain. However, I'm working on a ...
JoeP's user avatar
  • 101
1 vote
1 answer
1k views

Openssh and smart card

I'm trying to connect to a remote host using a smart card (the same I use to login on my system). I extracted the rsa key from the smartcard: $ ssh-keygen -D /usr/lib/opensc-pkcs11.so -e ssh-rsa ...
Matteo Fabbroni's user avatar
1 vote
1 answer
3k views

Smartcard Authentication on Windows Domain Controller using Yubikey for Windows Login

I have a Yubikey 5 NFC and I am trying to configure it on a test bench for windows login authentication. I cannot seem to get the certificate to enroll on the Yubikey. I have followed the Yubikey ...
ubuntuuber's user avatar
2 votes
1 answer
1k views

smart card for UAC only

I'm in the process of configuring USB Yubikeys as a smart card for our company so that staff can elevate to an admin account (added to the computer's local administrators group) by simply inserting ...
captcha's user avatar
  • 588
1 vote
1 answer
3k views

Use Smartcard Reader on Azure Remote Desktop

What I want to achieve: Plug a Smartcard Reader on my Laptop Connect to my private Azure VPN Use Remote Desktop to access a Server using User and Password, with Intelligent Card option and USBs ...
Carbon's user avatar
  • 51
3 votes
1 answer
157 views

Smart Card removal behavior and card renewal

My customer is planning to introduce new Policy regarding smart card removal in their Windows Environment, most probably session break since it's a Citrix environment. Microsoft documentation on the ...
nethero's user avatar
  • 248
1 vote
0 answers
120 views

How to allow a newly inserted user certificate with Apache 'SSLVerifyClient optional'?

My web users are able to optionally use a Smart Card Certificate to identify themself via Firefox to my web server running Apache httpd 2.4. For this I use SSLVerifyClient optional plus for speed ...
Petra Verheim's user avatar
2 votes
1 answer
444 views

SSH with Yubikey and intermediate host

I'm on macos with a Yubikey. The Yubikey's publickey is added to ServerA and ServerB. I can connect to any server directly from macos with the Yubikey plugged in. Is it possible to SSH to ServerA and ...
Nils's user avatar
  • 23
0 votes
0 answers
3k views

Prevent Smart Card prompt when looking for Enrollment Certificate

I'm using an Enrollment Agent user certificate to amend CSRs (in order to add SANs) My method is working fine - using the following command: certreq -config "CertAuth" -policy "PathtoCSR" "Path to ...
Scepticalist's user avatar
0 votes
1 answer
129 views

How to view signatures fulfilling the "Authroized Signatures" option in a Smart Card Logon certificate from a Windows CA

I'm playing with the Windows Server CA role and Smart Card logons. We have a working PKI setup and smart card issuance/logon working. What I'm curious about is the "Require this number of authorized ...
Nicholas Dechert's user avatar
5 votes
0 answers
1k views

Smart card error from Remote Desktop app

On Windows 10 there are two apps to remotely connect to another computer. One is old Remote Desktop Connection (mstsc.exe) and the other is modern Remote Desktop (RdClient.Windows.exe hidden somewhere ...
Dialecticus's user avatar
0 votes
1 answer
2k views

Office365 with AD FS Without Azure AD

This should be a simple question, but Microsoft's documentation isn't completely clear on the matter. I may have a job coming up where I'll be setting up a new Windows Server 2016 Standard deployment ...
Christopher Hammond's user avatar
4 votes
1 answer
2k views

Encrypt/Decrypt filesystem container file with smartcard on linux

I want to encrypt and decrypt a file system container file with luks and a smartcard on debian linux. The smartcard is a Nitrokey Start which is basically a compact smartcard in a usb reader. I know ...
soulflyman's user avatar
2 votes
1 answer
2k views

Smart Card Windows Auth without PIN

Does anyone know of a simple and secure method of logging into a Windows 10 domain PC without having to type ANYTHING? I have remote workstations that I'd like to access using NVIDIA'S Gamestream ...
TheFunk's user avatar
  • 123
2 votes
1 answer
759 views

How to manage smartcards for Windows logon (inventory, certificates, expirations, etc.)?

We are implementing smartcards to comply with two-form authentication using the builtin support in Windows + AD, using YubiKeys and Gemalto .NET cards. As an admin I can issue new certificates for ...
Ricardo C's user avatar
  • 203
0 votes
1 answer
2k views

Windows Shared User Accounts with smart cards

I'm looking for a way to use smart cards to lock and unlock windows workstations used by shared user accounts. 1) We want to lock/unlock the shared user account with each user's personal staff card. ...
AL3's user avatar
  • 33
6 votes
1 answer
12k views

Joining AD domain with Windows 10 using smart card

My Windows "domain-centric" company has abruptly decided to make the switch from Windows 7 to Windows 10, and it has become my job to make their prepared image join our domain with our smart card/...
Y. Park's user avatar
  • 61
4 votes
0 answers
72 views

Why does RDS login screen vary by user and PC?

I have two identical Lenovo laptops running Windows 10 with all updates. Call them Left and Right. On the backend I have a domain controller and a Remote Desktop Server, both running Windows Server ...
Russ Kuhn's user avatar
0 votes
1 answer
6k views

pkcs11_lib - NSS Initialize Failed (bad database?)

I'm having trouble getting PKCS#11 and PAM to work, for whatever reason nss has stopped working and I can't create a new database. Here's the output from PKCS11 and NSS: DEBUG:pkcs11_lib.c:187: ...
Torxed's user avatar
  • 237
3 votes
2 answers
73k views

Smartcard Logon: The domain specified is not available. Please try again later

I'm standing up a test lab. Using AD CS, I've deployed a smartcard logon cert to an HID Crescendo C1150. When I attempt to log on to a WIN7 workstation with the smartcard, I'm greeted with: The ...
The_Glidd's user avatar
1 vote
1 answer
1k views

Passwordless login: virtual smart card with no pin? [closed]

I would like to set up a domain-joined computer for passwordless login with some low-privileged domain account that is specific to that computer. I've seen some blog posts that store the username and ...
0xFE's user avatar
  • 201
4 votes
1 answer
3k views

How can I tell which users credentials are cached on a local system?

I'm troubleshooting cached credentials on Windows 7, specifically Smart Card logins, and I would like to know how I can find out which users currently have their credentials cached on the machine. I ...
MathewC's user avatar
  • 7,017
5 votes
1 answer
4k views

Windows server 2012 R2 - delay before certificates start working

I have this weird unexplained delay before the certificates i put in my servers start actually working it goes something like this: I add the certificates snap-in to mmc to manage the computer ...
user avatar
2 votes
1 answer
264 views

How would one configure an IIS that has SSL and client certs functional, to show a warning page before logon

I have a web site that uses a CAC client certificate, which is functioning like it should. The problem is, there's a requirement that the site regurgitate a message warning that it's a US Government ...
tjobrien21's user avatar
4 votes
1 answer
606 views

Smart Card S/MIME with Exchange 2013

I have an Exchange 2013 environment that I'm trying to implement S/MIME with smart cards. To the best of my knowledge, and the little help I have received on TechNet, I have configured my Exchange ...
wolfenstein87's user avatar
0 votes
2 answers
2k views

Linux smart card authentication

I am using puttysc to authenticate to a remote Linux server with my smart card . But as I understand, this isn't true PKI authentication - puttysc just unlocks the public key and matches it to a user ...
ring0's user avatar
  • 1
1 vote
2 answers
3k views

Connecting to Server 2012 R2 using HP ThinPro (freeRDP), but smart card is not reading correctly

In preparation to deploy our new 2012R2 RD farm, we have updated our HP thin clients to ThinPro 5.0. They connect just fine using username/password, but when I try to use a smart card, I get the ...
Mighty Ferengi's user avatar
6 votes
3 answers
47k views

Slow logon via Remote Desktop to Server 2012 and Smart Card service errors

When I logon my Server 2012 R2 server via Remote Desktop it sits at the logon screen for 10-20 seconds before logging me in. Once logged in I find the following three errors in the Windows System ...
I say Reinstate Monica's user avatar
0 votes
0 answers
966 views

Smart Card Logon & next hop SSO RDP Login

I started to expriement with smart card based login. So far I can logon to my local PC using my smart card. What doesn't work is using sso when connecting via RDP to another server. I get the error ...
Jonathan's user avatar
  • 585
1 vote
1 answer
695 views

Require smart cards for connections to Windows 2012 remote access server

We have a Windows 2012 server accepting VPN connections over SSTP and authenticating them using the Network Policy Server feature on the same server. For client authentication we've set it up to ...
Kim Johnsson's user avatar
5 votes
1 answer
3k views

How do I configure AD CS to support Name Constraints (4.2.1.11 in RFC 2459)?

I am trying to figure out how to do Qualified Subordination with the critical extension set, but I'm unable to figure out how to do this in MSFT AD CS. For a given certificate, how do I make sure ...
makerofthings7's user avatar
1 vote
0 answers
7k views

KDC Certificate error using smartcard and Remote Desktop

Our Active Directory domain recently enforced smart card logons for administrator accounts. Since this change we have been unable to access some servers (2008 R2) using Remote Desktop. When attempting ...
jbru362's user avatar
  • 11
1 vote
0 answers
981 views

Windows Server 2008 - Smart Card service is down

I'm getting this weird error when trying to work with a SmartCard on an ec2 machine running Windows Server 2008. I'm using AnywhereUSB to connect my physical smart-card reader to the remote machine. ...
Rizon's user avatar
  • 111
3 votes
1 answer
89 views

Windows users with smartcards using Lync Android app

We have a Windows network where users are required to log in using a smartcard instead of a password. Is there a way of allowing our users to use the Andoroid/iOS Lync app, even though they don't ...
Meir's user avatar
  • 171
2 votes
1 answer
860 views

Web Server with PKCS11 support for server certificates?

I have a PKCS#11-compatible smart card with either a private key, or a combination of a certificate and a private key on it (I can have both). I want to present the certificate from the smart card to ...
rix0rrr's user avatar
  • 246
0 votes
0 answers
419 views

Use server-side certificate from Smart Card in IIS

I have a Smart Card (actually a USB dongle, called a Feitian ePass2003) with a certificate and its accompanying private key on it, and I want to use this certificate to serve my SSL site in IIS. To ...
rix0rrr's user avatar
  • 246
2 votes
1 answer
2k views

Smartcard Sharepoint Password prompt

I work in an organization that uses smartcard login. Passwords are not be used. When opening an attachment in Sharepoint, we are prompted with a username/password dialog. Clicking cancel will allow ...
Mike Christiansen's user avatar