Posted by John Bothner on May 5, 2008, 7:51 am
I think I have the very same problem (your problem 1).
Same platforms:
- Enterprise (domain) root issuing CA - Windows 2008 Enterprise
- Domain Controller: Windows 2008 Enterprise
- Enrollment station - Vista SP1
On the enrollment station: I use the Certificates MMC snap-in, and
similarly choose "enroll certificate on behalf of another user". The
enrollment agent certificate is asked for and given, just fine. I have
duplicated the "smart card logon" template, that template is not available
from the enrollment station. When I check "Show all templates" I see my
duplicated template with the error message
"The template is missing a required signature policy attribute. You
do not have permission to view this type of certificate."
I have opened all rights (Full Control, this is not a production
environment) in the Security tab for the enrollment agents (in the
duplicated template).
I have also done as indicated in http://support.microsoft.com/kb/313629.
I have tried both for version 2 (2003) and version 3 (2008) certificate
templates with no success.
My reader and card work fine when I test on the enrollment station with the
CTRL-ALT-DEL-change-password-other-credentials. I am using the Gemalto .NET
v2 cards. So I think the problem is not card or reader related, but with
the CA or certificate templates?
Any suggestions are greatly appreciated.
Kind regards,
John Bothner
> Hi all,
> I am trying to enroll some smart cards with the following
> setup
>
> Reader - Gemalto PC Twin USB (Old Name = Gempc twin usb)
> Cards - Gemalto Classic TPC IS White PVC (Old name = GemSafeXpresso
> 32K)
>
> CA - Windows 2008 Enterprise Root CA
> Enrollment station - Vista SP1
>
> The intent is to use these cards for remote access via TSGateway.
>
> Problem 1 - When trying to create another certificate template by
> duplicating the "smart card logon" template, that template is not
> available from the enrollment station. I have modified the issuance
> requirements as per one of the technet articles below, but with no
> success.
>
> Problem 2 - When I try to issue from the standard "smart card logon",
> I am prompted to insert my smartcard, however the certificate goes
> straight into the personal store and does not prompt me for a PIN.
>
> The Gemalto troubleshooting tools seem to indicate that my reader and
> smartcard are all good.
>
> I've been looking at the following articles (some of which are geared
> towards win 2003)
>
> http://207.46.196.114/windowsserver/en/library/99827b56-216a-475b-a7e9-84c8d4c749de1033.mspx?mfr=true
> http://technet2.microsoft.com/windowsserver/en/library/5229033e-232b-4f91-9f86-0cbbd7cfc5a81033.mspx?mfr=true
> http://support.microsoft.com/kb/313629
> http://support.microsoft.com/kb/922706
>
> Can anyone assist ?