Troubleshooting CAC Login

By SuperG - Last updated: Tuesday, April 3, 2012

So we use smartcards to log onto the network, and I have a lot of users who call and say they are having problems logging on. When asked what the error is, they state “it's the system cannot log you on error”. Well, there are around 20 different “the system cannot log you on” errors. Below is a partial list and possible cures.

Problem: The system could not log you on. Your credentials could not be verified.
Cure: Verify whether user account is still active

Cure: Ensure UPN is set correctly in AD

Cure: Verify that you have the network cable plugged into the computer and try it again

Cure: The computer may have been removed from the domain

Cure: Ensure the root certificates are installed on client

Cure: Restart KDC on domain controller
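
The cures for this first error can be checked in one pass from the affected workstation. The script below is an added example, not part of the original post; it assumes Windows PowerShell 5.1 in an elevated prompt with the RSAT ActiveDirectory module installed, and both parameter values are placeholders you supply.

```powershell
# Added example (not from the original post): triage for
# "Your credentials could not be verified" on a domain-joined client.
# Assumptions: Windows PowerShell 5.1, elevated prompt, RSAT ActiveDirectory
# module installed; both parameter values are placeholders you supply.
param(
    [Parameter(Mandatory)] [string]   $SamAccountName,   # affected user
    [Parameter(Mandatory)] [string[]] $RootThumbprints   # your root CA thumbprints
)
Import-Module ActiveDirectory

# Account still active, and the UPN as it is stored in AD
$user = Get-ADUser -Identity $SamAccountName `
            -Properties UserPrincipalName, LockedOut, AccountExpirationDate
$user | Select-Object SamAccountName, Enabled, LockedOut,
                      AccountExpirationDate, UserPrincipalName

# Computer still a member of the domain (secure channel intact)
"Secure channel OK: $(Test-ComputerSecureChannel)"

# Root certificates present in the machine's Trusted Root store
$installed = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint
$missing   = $RootThumbprints | Where-Object { $installed -notcontains $_ }
"Missing root certificates: $(if ($missing) { $missing -join ', ' } else { 'none' })"

# Network path to a domain controller's KDC (Kerberos, TCP 88)
$dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().
          FindDomainController().Name
$kdcPort = (Test-NetConnection -ComputerName $dc -Port 88).TcpTestSucceeded
"KDC port reachable on ${dc}: $kdcPort"

# State of the KDC service on that domain controller (restart it there if hung)
Get-Service -ComputerName $dc -Name Kdc | Select-Object MachineName, Name, Status
```

If the secure-channel test returns False or the domain lookup throws, the computer has most likely lost its domain membership and the later checks will not be meaningful.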

Problem: The system could not log you on. The revocation status of the domain controller certificate used for smart card authentication could not be determined
Cure: OCSP Client not working correctly.

Cure: Uninstall OCSP Client and install the current version. Ensure OCSP Client is configured correctly

Problem: The system could not log you on. The revocation status of the smartcard certificate used for authentication could not be determined
Cure: Restart KDC on domain controller

Cure: Ensure all OIDs are attached to the Root CA certificates

Problem: The system could not log you on. You cannot use a smart card to log on because smart card logon is not supported for your user account. Contact your system administrator to ensure that smart card logon is configured for your organization.
Cure: Verify Root certificates

Cure: Verify the machine certificate is good, including its private key

Cure: Ensure CAC Client AND all patches are installed.

Cure: Ensure all OIDs are attached to the Root CA certificates

Problem: The system could not log you on. The smartcard certificate used for authentication has been revoked
Cure: Clear OCSP Client cache

Cure: Check certificates on CAC to ensure they are valid and not revoked

Cure: Get New CAC certificates

Problem: The system could not log you on. An untrusted certificate authority was detected while processing the smartcard certificate used for authentication.
Problem: The system could not log you on. The smartcard certificate used for authentication was not trusted.

Cure: Ensure the root certificates are installed on client

Cure: Ensure the root certificates are installed on Domain Controller

Cure: Check certificates on CAC to ensure they are valid

Problem: The system could not log you on. The smartcard certificate used for authentication has expired.
Cure: Check certificates on CAC to ensure they are valid and not expired; if expired, get a new card
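
The certificate errors above (revocation status undetermined, revoked, untrusted, expired) can be told apart by building the certificate chain with the Windows chain engine and reading its status flags. This is an added example, not from the original post; the function name `Test-CacCertificate` is hypothetical, the flag-to-error mapping is this example's approximation, and it assumes the card is inserted so its certificates appear in the current user's Personal store.

```powershell
# Added example (not from the original post). Builds the chain for a
# certificate with online revocation checking and relates each chain status
# flag to the closest logon error family from the list above.
function Test-CacCertificate {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'       # live OCSP/CRL lookup
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'  # check every CA in the chain
    $null = $chain.Build($Certificate)

    # Approximate mapping (assumption of this example), flag -> error family
    $related = @{
        'RevocationStatusUnknown' = 'revocation status could not be determined'
        'OfflineRevocation'       = 'revocation status could not be determined'
        'Revoked'                 = 'certificate has been revoked'
        'UntrustedRoot'           = 'untrusted certificate authority / not trusted'
        'PartialChain'            = 'untrusted certificate authority / not trusted'
        'NotTimeValid'            = 'certificate has expired (or is not yet valid)'
    }

    if ($chain.ChainStatus.Length -eq 0) {
        return [pscustomobject]@{ Subject = $Certificate.Subject; Status = 'OK'
                                  Related = 'chain valid on this machine'; Detail = '' }
    }
    foreach ($s in $chain.ChainStatus) {
        [pscustomobject]@{
            Subject = $Certificate.Subject
            Status  = $s.Status
            Related = $related["$($s.Status)"]
            Detail  = $s.StatusInformation.Trim()
        }
    }
}

# Check every certificate in the user's store that carries the
# Smart Card Logon EKU (OID 1.3.6.1.4.1.311.20.2.2).
$scLogon = '1.3.6.1.4.1.311.20.2.2'
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $scLogon } |
    ForEach-Object { Test-CacCertificate -Certificate $_ }
```

The result reflects the trust store and revocation path of the machine it runs on, so a clean result on the client does not rule out a missing root certificate on the domain controller.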

Problem: The system could not log you on. The smart card is blocked.
Cure: Card is blocked, need to have PIN reset

Problem: The system cannot log you on now because the domain is not available.
Cure: If connected by wire, check that the computer has a valid IP and DNS.

Cure: If connected by wire, ensure the domain controller is reachable (ping)

Cure: If not connected by wire, ensure the LAN cable is unplugged, then try to log in with the cached account again

Cure: If not connected by wire, the cached account has expired; connect by wire and try again to re-cache the account

Problem: The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letters in passwords must be typed using the correct case.
Cure: Use smartcard to logon (usernames and passwords are not authorized)

Cure: Bad username or passwords, ensure you type each correctly, check case of password

Cure: Reset password and try again

Problem: The system could not log you on. An incorrect PIN was presented to the smart card.
Cure: Try again with the correct PIN this time (Make sure num lock is on if used)

Problem: The system could not log you on. A communication error with the smart card has been detected.
Problem: The system could not log you on. The smart card was removed.

Cure: Do not remove card while logging on

Cure: Bad card reader

Problem: The system could not log you on. The requested certificate does not exist on the smart card.
Problem: The system could not log you on. The requested key container does not exist on the smart card.

Problem: The system could not log you on. The requested keyset does not exist on the smart card.

Cure: Ensure card reader software is installed correctly

Cure: Ensure updated Card reader Driver is installed or patch is installed

Problem: The system could not log you on. An error occurred trying to use this smart card. You can find further details in the event log. Please report this error to the system administrator.
Problem: The system could not log you on. The server authenticating you reported an error (0x%08lX). You can find further details in the event log. Please report this error to the system administrator.

Problem: The system could not log you on. The server authenticating you reported an error. You can find further details in the event log. Please report this error to the system administrator.

Cure: Check Event logs. Troubleshooting will depend on what is in the Event logs

Cure: Restore system back to a point where the Smartcard was working

Cure: Reimage computer

Problem: The system could not log you on. This card cannot be used to authenticate you in this domain.
Cure: Check certificates on CAC to ensure they are valid

Cure: Make sure Domain has correct UPN suffix set in Domains and Trusts



One Response to “Troubleshooting CAC Login”

Pingback from Revocation status of DC can't be verified – Blog SatoHost
Time July 11, 2018 at 12:09 am

[…] Troubleshooting CAC Login – This is the most authoritative listing of smart card logon error messages and their fixes that I’ve found to-date. […]
