Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:26 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 14 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Windows 10 AD Logon
PostPosted: Tue Jul 12, 2016 6:50 pm 
Offline

Joined: Tue Jul 05, 2016 11:45 pm
Posts: 2
I have setup my key in our Windows CA, I can do initial login on windows 7 machines without an but not windows 10, all I get in the error log is the message below.
I am able to unlock a machine with my key though on W10.

Code:
An error occurred while signing a message using the inserted smart card: An unexpected card error has occurred.


Is there a problem or should the certificate have been setup differently from the guide.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

 Post subject: Re: Windows 10 AD Logon
PostPosted: Thu Oct 13, 2016 8:14 am 
Offline

Joined: Thu Oct 13, 2016 8:13 am
Posts: 1
Hi,

I have the Same Problem, but only tested with Windows 10.

Could anybody help ??

Regards,

Frank


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Thu Oct 13, 2016 7:41 pm 
Offline
Yubico Moderator
Yubico Moderator

Joined: Tue Jan 05, 2016 5:03 pm
Posts: 27
Hello Frank,

Can you please provide details as to your setup? What version of Windows are you using for your CA? Windows 2008 or Windows 2012?

Best Regards,
Matthew
Yubico Support


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Mon Nov 21, 2016 7:31 pm 
Offline

Joined: Mon Nov 21, 2016 7:26 pm
Posts: 1
My Team is experiencing this exact problem as well. Windows 10, and 8.1 logon doesn't work, however "run as", RDP sessions, and Windows 7 logons work. Also unlocking computers works as well.
We have a 2008r2 CA. I followed the documentation at https://www.yubico.com/wp-content/uploa ... _FINAL.pdf as best I could, but due to the interface being a bit different, there are a few changes.
Any luck solving this?


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Mon Nov 28, 2016 11:52 am 
Offline

Joined: Fri Jul 22, 2016 8:52 am
Posts: 3
We have same problem, Windows 10 machines with 2012 r2 CA and 2012 r2 AD environment I'm only able to open locked sessions with smart card but not log in to windows 10 machines.


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Fri Dec 02, 2016 6:36 pm 
Offline

Joined: Fri Dec 02, 2016 6:34 pm
Posts: 3
I also have the exact same problem. Please advise!


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Fri Dec 02, 2016 8:00 pm 
Offline

Joined: Fri Dec 02, 2016 7:54 pm
Posts: 7
I have my environment setup with AD 2012 R2/CA 2012 R2 and working fine with Win7/10 using YK4's via PIV. Let me know if I can be of assistance.


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Sun Dec 04, 2016 9:04 pm 
Offline

Joined: Fri Dec 02, 2016 6:34 pm
Posts: 3
Hi

I got this from support, so I'm really interested in how you did get it to work for Windows 10?

//

We have confirmation from Microsoft this is indeed a bug in the Smart-Card authentication on Windows, the bug only affects the YubiKey as it contains multiple applets and the Smart-Card authentication process in Windows 10 does not properly send the applet select command to select the CCID applet for authentication, unfortunately the fix for this will not be available until the next Anniversary update for Windows due out in Spring 2017. we are continuing to work with Microsoft in hoping we can persuade them to release the fix sooner. The bug was introduced when Microsoft began to make changes to the authentication providers as they have begun to deprecate some legacy cryptographic algorithms such as SHA-1.


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Mon Dec 05, 2016 3:04 pm 
Offline

Joined: Fri Dec 02, 2016 7:54 pm
Posts: 7
I sent you a PM so that we can figure this out and we can come back here to post what we found. I never have run into this error. We have been running PIV for about a year with 450 users.


Top
 Profile  
Reply with quote  
 Post subject: Re: Windows 10 AD Logon
PostPosted: Tue Dec 06, 2016 9:16 pm 
Offline

Joined: Fri Dec 02, 2016 6:34 pm
Posts: 3
I can't answer to your PM, I'm not trusted :) Can someone help me?


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 14 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group