Troubleshoot smart card logon to Windows
This article describes all the error codes for smart card logon to Windows and how to troubleshoot them.
For more information on how to set up smart card logon, see Set up smart card logon in Active Directory.
No card is detected
No card is detected
Error: No card is detected, and the login screen shows Connect a smart card.
Troubleshooting
Make sure that the card reader is connected to the computer.
Make sure that the card is inserted in the card reader. Often there is an indicator light on the card reader to show if the card is inserted or if the card is loading.
Make sure that the drivers for the card reader are installed correctly.
Make sure that the Cryptographic Service Provider (CSP) software, for example Nexus Personal Desktop Client, is installed correctly.
General error messages
No valid certificates were found on this smart card.
Error message: No Valid Certificates were found on this smart card.
Either the driver for the card has not been installed or the card is empty or missing certificates.
Troubleshooting
Make sure that the card contains certificates.
Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
Make sure that the drivers for the card reader are installed correctly.
The requested key container does not exist on the smart card.
Error message: The requested key container does not exist on the smart card.
Troubleshooting
Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
Make sure that the drivers for the card reader are installed correctly.
Error message: "The system could not log you on..."
A communication error with the smart card has been detected.
An error occurred trying to use this smart card. You can find further details in the event log.
Error message: The system could not log you on. An error occurred trying to use this smart card. You can find further details in the event log. Please report this error to the system administrator.
Troubleshooting
Check the log events/event viewer for errors. Troubleshoot depending on logged errors, and try to login again.
An untrusted certificate authority was detected while processing the smartcard certificate used for authentication.
Error message: The system could not log you on. An untrusted certificate authority was detected while processing the smartcard certificate used for authentication.
Troubleshooting
Make sure that the CA certificates are available on your client and on the domain controllers.
Make sure that the card certificates are valid.
Make sure your User name and domain are correct, then type your password again.
Error message: The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.
Troubleshooting
If login with username and password is not allowed, then you must log in with your smart card.
If login with username and password is allowed, then verify the domain, user name, and password. If needed, reset the password and try again.
The domain is not available.
Error message: The system cannot log you on now because the domain is not available.
Troubleshooting
Make sure that the computer is connected to the network.
If the computer is connected to the network, make sure that the domain controllers are reachable with ping.
Make sure that the computer has a valid IP address and that DNS works.
The requested certificate does not exist on the smart card.
Error message: The system could not log you on. The requested certificate does not exist on the smart card.
Troubleshooting
Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
Make sure that the drivers for the card reader are installed correctly.
The requested keyset does not exist on the smart card.
Error message: The system could not log you on. The requested keyset does not exist on the smart card.
Troubleshooting
Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
Make sure that the drivers for the card reader are installed correctly.
The revocation status of the domain controller certificate for smart card authentication could not be determined.
Error message: The system could not log you on. The revocation status of the domain controller certificate for smart card authentication could not be determined.
Troubleshooting
Make sure that the OCSP service is running and that a valid certificate revocation list (CRL) is available in the Active Directory (AD).
Try to log in on another computer, to see if you get the same result.
The revocation status of the smartcard certificate used for authentication could not be determined.
Error message: The system could not log you on. The revocation status of the smartcard certificate used for authentication could not be determined.
Troubleshooting
Restart the Key Distribution Center (KDC) service on the domain controllers.
Make sure that all object identifiers (OIDs) are available for the CA certificates.
The server authenticating you reported an error (0x%08lX). You can find further details in the event log.
Error message: The system could not log you on. The server authenticating you reported an error (0x%08lX). You can find further details in the event log. Please report this error to the system administrator.
Troubleshooting
Check the log events/event viewer for errors. Troubleshoot depending on logged errors, and try to login again.
The server authenticating you reported an error. You can find further details in the event log.
Error message: The system could not log you on. The server authenticating you reported an error. You can find further details in the event log. Please report this error to the system administrator.
Troubleshooting
Check the log events/event viewer for errors. Troubleshoot depending on logged errors, and try to login again.
The smartcard certificate used for authentication has been revoked.
Error message: The system could not log you on. The smartcard certificate used for authentication has been revoked.
Troubleshooting
Make sure if your certificate is revoked or not.
Clear the OCSP cache.
Make sure that the OCSP service is running and that a valid certificate revocation list (CRL) is available in the Active Directory (AD).
The smartcard certificate used for authentication was not trusted.
This card cannot be used to authenticate you in this domain.
Error message: The system could not log you on. This card cannot be used to authenticate you in this domain.
Troubleshooting
Make sure that the card certificates are valid.
Make sure that the user principle name (UPN) has the right suffix on the domain.
Make sure that the CA certificates are trusted by the domain, that is, that they are available on the domain controller.
You cannot use a smart card to log on because smart card logon is not supported for your user account.
Error message: The system could not log you on. You cannot use a smart card to log on because smart card logon is not supported for your user account, Contact your system administrator to ensure that smart card logon is configured for your organization.
Troubleshooting
Make sure that the CA certificates are available on your client and on the domain controllers.
Make sure that the CSP software (for example Nexus Personal Desktop Client) is installed correctly.
Make sure that the drivers for the card reader are installed correctly.
Make sure that all object identifiers (OIDs) are available for the CA certificates.
Your credentials could not be verified.
Error message: The system could not log you on. Your credentials could not be verified.
Troubleshooting
Make sure that the user principle name (UPN) is configured correctly in the Active Directory (AD).
Make sure that you have a network connection.
Make sure that the computer has not been removed from the domain.
Make sure that the CA certificates are installed on the client.
Restart the Key Distribution Center (KDC) service on the domain controllers.