Channel: Remote Desktop Services (Terminal Services) forum

Terminal Server smart card authentication problem

Hello
I have a problem with logging on to a Windows 2008 SP2 Terminal Server using smart card authentication.
After powering the server on, users authenticate on the server with smart cards, and everything works fine for two or three days. After this time, when a user tries to log on, this message appears:
"The system could not log you on. An error occurred trying to use this smart card. You can find further details in the event log. Please report this error to the system administrator."
After that, no user can log on with a smart card (remote desktop or local). I tried to resolve the problem by restarting all terminal server or smart card related services, but with no success. Only a server restart helps, but the problem reappears after a few days.
A 4625 error message is logged in the Security log, with status code 0xC000006D and substatus code 0xC0000321.
 
When I run Process Monitor while a user is trying to log on, I see the following events (each is performed by the LogonUI.exe process):
 
Event Class:File System
Operation:CreateFile
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Desired Access:Generic Read/Write
Disposition:Supersede
Options:
Attributes:n/a
ShareMode:Read, Write
AllocationSize:0
OpenResult:Superseded
 
Event Class:File System
Operation:QueryStandardInformationFile
Result:NOT IMPLEMENTED
Path:\Device\RdpDr\TSCLIENT\SCARD\9
 
Event Class:File System
Operation:DeviceIoControl
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_REQUEST_OPLOCK_LEVEL_2
 
Event Class:File System
Operation:DeviceIoControl
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:0x900e0 (Device:0x9 Function:56 Method: 0)
 
Event Class:File System
Operation:DeviceIoControl
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_OPLOCK_BREAK_NOTIFY
 
Event Class:File System
Operation:DeviceIoControl
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_IS_PATHNAME_VALID
 
(Event below repeats about 100000 times for 30 seconds)
Event Class:File System
Operation:DeviceIoControl
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_SET_REPARSE_POINT
 
Event Class:File System
Operation:DeviceIoControl
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_LOCK_VOLUME
 
Event Class:File System
Operation:CloseFile
Result:SUCCESS
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Server information:
Windows 2008 SP2, x64, working in Windows 2008 domain environment.
I've installed hotfixes: 949538, 2427997, 2521923 (because I had problems with smart cards before, showing errors: "The system could not log you on. The smart card was removed.", "The requested key container does not exist on the smart card.")
The load on the server doesn't have any connection with this problem; it happened when there were 1 or 5 users. When this problem occurs, authentication by username/password works fine, even for a user who couldn't log on with his smart card.
Thanks for any help in advance.
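
Process Monitor labels DeviceIoControl codes using the file-system FSCTL table. Assuming the redirected \Device\RdpDr\...\SCARD device uses the smart card call numbers from the MS-RDPESC specification, the same numeric values decode as shown here. This is an added example, not part of the original post; the mapping tables, function names and sample trace are constructed for it.

```python
import re
from collections import Counter

# FSCTL names as Process Monitor printed them -> value (winioctl.h definitions).
FSCTL_AS_SHOWN = {
    "FSCTL_REQUEST_OPLOCK_LEVEL_2": 0x00090004,
    "FSCTL_OPLOCK_BREAK_NOTIFY": 0x00090014,
    "FSCTL_LOCK_VOLUME": 0x00090018,
    "FSCTL_IS_PATHNAME_VALID": 0x0009002C,
    "FSCTL_SET_REPARSE_POINT": 0x000900A4,
}
# Assumption: on redirected SCARD paths these values are MS-RDPESC calls.
SCARD_IOCTL = {
    0x00090014: "SCARD_IOCTL_ESTABLISHCONTEXT",
    0x00090018: "SCARD_IOCTL_RELEASECONTEXT",
    0x0009002C: "SCARD_IOCTL_LISTREADERSW",
    0x000900A4: "SCARD_IOCTL_GETSTATUSCHANGEW",
    0x000900E0: "SCARD_IOCTL_ACCESSSTARTEDEVENT",
}
# Constructed excerpt in the post's Procmon layout; the repeated event appears twice.
SAMPLE = r"""Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_REQUEST_OPLOCK_LEVEL_2
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:0x900e0 (Device:0x9 Function:56 Method: 0)
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_SET_REPARSE_POINT
Path:\Device\RdpDr\TSCLIENT\SCARD\9
Control:FSCTL_SET_REPARSE_POINT
"""

def ctl_fields(code):
    """Split a control code into (device, access, function, method)."""
    return (code >> 16) & 0xFFFF, (code >> 14) & 0x3, (code >> 2) & 0xFFF, code & 0x3

def control_to_code(text):
    """Convert a Procmon 'Control:' value (FSCTL name or 0x literal) to a number."""
    m = re.match(r"\s*(0x[0-9a-fA-F]+)", text)
    return int(m.group(1), 16) if m else FSCTL_AS_SHOWN.get(text.strip())

def summarize(trace, path_marker="\\SCARD\\"):
    """Count control codes sent to redirected smart-card paths, by decoded name."""
    counts, on_scard = Counter(), False
    for line in trace.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Path":
            on_scard = path_marker in value
        elif key.strip() == "Control" and on_scard:
            code = control_to_code(value)
            counts[SCARD_IOCTL.get(code, "unmapped " + value.strip())] += 1
    return counts
```

Under that assumption, `summarize(SAMPLE)` reports the event shown as FSCTL_SET_REPARSE_POINT as SCARD_IOCTL_GETSTATUSCHANGEW, which would make the roughly 100000 repeats in the trace a status-change poll, not a reparse-point write.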




