I was hoping someone here could help me with an issue that's happening
here at work.
I have a user that is attempting to use a certificate card to
authenticate to the Windows domain. On her primary machine it gives
the generic "credentials not verified" error message.
Other people can log in that machine with their cards, and the user
can take her card and log in to different machines with no problem.
We use roaming profiles but deleting and recreating the profile did
not correct the issue.
Deleting and readding her certs to the local store did not correct the
issue either. And here's the wierd thing - there are 3 certs on the
card, but a 4th cert always shows up from somewhere.
As a test I had the user try a digitally signed and encrypted email to
herself. The signature came back as invalid and details on the problem
showed that the cert was using an old email address of the users.
Checking all of the certs on the card shows that they are indeed
displaying the proper (newer) email address.
As a hail mary pass, I've cleaned out both the user's C:\Documents and
Settings\user\Application Data\Microsoft\SystemCertificates\* and
C:\Documents and Settings\user\Application Data\Microsoft\crypto\*
profile keys, to no luck.
This has happened often enough around here that standard procudure has
been established - and that's to reload the operating system. But it
happens often enough that it would be nice to have a targetted
solution to actually fix the problem.
Obviously the problem lies within the local harddrive - either a
machine registry setting not letting go, or a bad cert or CRL stored
somewhere outside of the profile area.
Does anyone have any suggestions I might try or ideas on where I might look?
Thanks.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
