Page tree
Skip to end of metadata
Go to start of metadata

This article describes all the error codes for smart card logon to Windows and how to troubleshoot them.

For more information on how to set up smart card logon, see Set up smart card logon in Active Directory

Expand/Collapse All

No card is detected

 No card is detected

Error: No card is detected, and the login screen shows Connect a smart card.

Troubleshooting

  1. Make sure that the card reader is connected to the computer.
  2. Make sure that the card is inserted in the card reader. Often there is an indicator light on the card reader to show if the card is inserted or if the card is loading.
  3. Make sure that the drivers for the card reader are installed correctly.
  4. Make sure that the Cryptographic Service Provider (CSP) software, for example Nexus Personal Desktop Client, is installed correctly.

General error messages

 No valid certificates were found on this smart card.

Error message: No Valid Certificates were found on this smart card.

Either the driver for the card has not been installed or the card is empty or missing certificates.

Troubleshooting

  1. Make sure that the card contains certificates.
  2. Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
  3. Make sure that the drivers for the card reader are installed correctly.
 The requested key container does not exist on the smart card.

Error message: The requested key container does not exist on the smart card.

Troubleshooting

  1. Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
  2. Make sure that the drivers for the card reader are installed correctly.

Error message: "The system could not log you on..."

 A communication error with the smart card has been detected.

Error message: The system could not log you on. A communication error with the smart card has been detected.

Troubleshooting

  1. Was the card removed during the login procedure? Then try again.
  2. Make sure that the card reader is functioning.
  3. Switch USB port for the card reader and try again.
 An error occurred trying to use this smart card. You can find further details in the event log.

Error message: The system could not log you on. An error occurred trying to use this smart card. You can find further details in the event log. Please report this error to the system administrator.

Troubleshooting

  1. Check the log events/event viewer for errors. Troubleshoot depending on logged errors, and try to login again.
 An incorrect PIN was presented to the smart card.

Error message: The system could not log you on. An incorrect PIN was presented to the smart card.

Troubleshooting

  1. Make sure that NUM LOCK is on, if it is used.
  2. Try to log in again with the correct PIN.
 An untrusted certificate authority was detected while processing the smartcard certificate used for authentication.

Error message: The system could not log you on. An untrusted certificate authority was detected while processing the smartcard certificate used for authentication.

Troubleshooting

  1. Make sure that the CA certificates are available on your client and on the domain controllers.
  2. Make sure that the card certificates are valid.
 Make sure your User name and domain are correct, then type your password again.

Error message: The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.

Troubleshooting

  1. If login with username and password is not allowed, then you must log in with your smart card.
  2. If login with username and password is allowed, then verify the domain, user name, and password. If needed, reset the password and try again.
 The domain is not available.

Error message: The system cannot log you on now because the domain is not available.

Troubleshooting

  1. Make sure that the computer is connected to the network.
  2. If the computer is connected to the network, make sure that the domain controllers are reachable with ping.
  3. Make sure that the computer has a valid IP address and that DNS works.
 The requested certificate does not exist on the smart card.

Error message: The system could not log you on. The requested certificate does not exist on the smart card.

Troubleshooting

  1. Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
  2. Make sure that the drivers for the card reader are installed correctly.
 The requested keyset does not exist on the smart card.

Error message: The system could not log you on. The requested keyset does not exist on the smart card.

Troubleshooting

  1. Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
  2. Make sure that the drivers for the card reader are installed correctly.
 The revocation status of the domain controller certificate for smart card authentication could not be determined.

Error message: The system could not log you on. The revocation status of the domain controller certificate for smart card authentication could not be determined.

Troubleshooting

  1. Make sure that the OCSP service is running and that a valid certificate revocation list (CRL) is available in the Active Directory (AD).
  2. Try to log in on another computer, to see if you get the same result.
 The revocation status of the smartcard certificate used for authentication could not be determined.

Error message: The system could not log you on. The revocation status of the smartcard certificate used for authentication could not be determined.

Troubleshooting

  1. Restart the Key Distribution Center (KDC) service on the domain controllers.
  2. Make sure that all object identifiers (OIDs) are available for the CA certificates.
 The server authenticating you reported an error (0x%08lX). You can find further details in the event log.

Error message: The system could not log you on. The server authenticating you reported an error (0x%08lX). You can find further details in the event log. Please report this error to the system administrator.

Troubleshooting

  1. Check the log events/event viewer for errors. Troubleshoot depending on logged errors, and try to login again.
 The server authenticating you reported an error. You can find further details in the event log.

Error message: The system could not log you on. The server authenticating you reported an error. You can find further details in the event log. Please report this error to the system administrator.

Troubleshooting

  1. Check the log events/event viewer for errors. Troubleshoot depending on logged errors, and try to login again.
 The smart card is blocked.

Error message: The system could not log you on. The smart card is blocked.

Troubleshooting

  1. Unlock the smart card with the PUK code or challenge and response, depending on the card type and CSP software.
 The smartcard certificate used for authentication has been revoked.

Error message: The system could not log you on. The smartcard certificate used for authentication has been revoked.

Troubleshooting

  1. Make sure if your certificate is revoked or not.
  2. Clear the OCSP cache.
  3. Make sure that the OCSP service is running and that a valid certificate revocation list (CRL) is available in the Active Directory (AD).
 The smartcard certificate used for authentication has expired.

Error message: The system could not log you on. The smartcard certificate used for authentication has expired.

Troubleshooting

  1. Make sure that the card certificates are valid.
 The smartcard certificate used for authentication was not trusted.

Error message: The system could not log you on. The smartcard certificate used for authentication was not trusted.

Troubleshooting

  1. Make sure that the CA certificates are available on your client and on the domain controllers.
  2. Make sure that the card certificates are valid.
 This card cannot be used to authenticate you in this domain.

Error message: The system could not log you on. This card cannot be used to authenticate you in this domain.

Troubleshooting

  1. Make sure that the card certificates are valid.
  2. Make sure that the user principle name (UPN) has the right suffix on the domain.
  3. Make sure that the CA certificates are trusted by the domain, that is, that they are available on the domain controller.
 You cannot use a smart card to log on because smart card logon is not supported for your user account.

Error message: The system could not log you on. You cannot use a smart card to log on because smart card logon is not supported for your user account, Contact your system administrator to ensure that smart card logon is configured for your organization.

Troubleshooting

  1. Make sure that the CA certificates are available on your client and on the domain controllers.
  2. Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
  3. Make sure that the drivers for the card reader are installed correctly.
  4. Make sure that all object identifiers (OIDs) are available for the CA certificates.
 Your credentials could not be verified.

Error message: The system could not log you on. Your credentials could not be verified.

Troubleshooting

  1. Make sure that the user principle name (UPN) is configured correctly in the Active Directory (AD).
  2. Make sure that you have a network connection.
  3. Make sure that the computer has not been removed from the domain.
  4. Make sure that the CA certificates are installed on the client.
  5. Restart the Key Distribution Center (KDC) service on the domain controllers.