An error occurred while logging on to the smart card. The system prompts that your account does not support logging on to the card.

Source: Internet
Author: User

Okay. because our environment is very complicated. simulate the network environment of a large enterprise. therefore, you will always encounter strange things. no, it's an accident today. first, esxi does not know why. after that, you cannot log on to the smart card.

My colleague told me that the error message is:

The system cocould not log you on. you cannot use a smart card to log on because smart card logon is not supported for your user account. contact your system administrator to ensure that smart card logon is configured for your organization.

The login interface appears. I looked at it. It's strange, because this message has basically never been encountered. The approximate meaning of the translation is:

The system cannot allow you to log on. You cannot log on with a smart card. Because your account does not support logging on with a smart card, please contact your system administrator to ensure that you have configured a smart card for your organization.

Okay. I went there. I used to do well. Now that this error has occurred, I think about the latest operations.

1. Because of the need to simulate the environment, I added a slave Certificate Server.

However, this does not cause this error. because, on the server, I have configured the related allow login. in addition, after the slave Certificate Server is added, it is good. no error. this error occurs after a week.

Okay. Start troubleshooting.

Check the server certificate. Is there an error? Expired. Check the certificate on the smart card again. Check the smart card user.

No problem.

Then, Google. (the benefits of a natural wall flip are embodied. A bunch of attacks. there is no solution. well, this is rare. I thought about it. is it because the certificate chain is incorrect due to adding a slave server? It should not. I have already rejected this issue.

Currently no solution is in progress. then, if you cannot log on, it must be a certificate authentication error. certificate authentication error. it is nothing more than a Certificate Server and a domain control server, and then a connection server. the last is the smart card. now, you can confirm that there is no error connecting the smart card to the server. you can only find the problem on the Certificate Server and domain control server.

First, the Certificate Server. After the certificate is issued, everything is normal to revoke the certificate. Other certifications are also normal. You can be sure that the domain control server has an error.

Enable Domain control. check the certificate of the domain controller. token, how can I only have domain controller certificates and a bunch of default certificates. I remember, a certificate for Domain Controller Authentication is required for smart card authentication. why not? Is that it?

Try it first. No matter. I applied for the relevant certificate. log on with a smart card. OK. No problem. Everything is normal...

Very strange problem. the domain controller will apply for the verification certificate by default. if the certificate server and Smart Card logon are enabled. this certificate will be available. I don't know why. will disappear from the domain controller. in addition, both the master control and the secondary control disappear... this is a strange problem.

Finally, the attached solution is the same as my operation...

Facts have proved that when you encounter problems, do not panic, analyze it calmly, and then troubleshoot the error at. There is no error.

Bytes -----------------------------------------------------------------------------------------


"The system cocould not log you on. you cannot use a smart card to log on because smart card logon is not supported for your user account. contact your system administrator to ensure that smart card logon is configured for your organization."


Solved by re-issuing the Domain Controller Authentication cert.

On DC, opened MMC.

Click file, click Add/Remove snap-in.

Select certificates, click Add, then select computer account.

Expand certificates (Local Computer), right-click personal, click all tasks, and then click request new certificate.

In the request certificates page select Domain Controller Authentication.


Bytes ------------------------------------------------------------------------------------------

Amount, need translation? Well, I believe everyone can understand it. I will not translate it...

This article from the "lone wolf" blog, please be sure to keep this source

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.