Troubleshooting CAC Login
This is a copy and expansion of the now defunct SuperG Web Log list of CAC/smartcard Login errors.
The system could not log you on. Your credentials could not be verified.
- Verify whether the user account is still active in AD.
- Ensure the UPN (userPrincipalName) is set correctly in AD.
- Verify that you have the network cable plugged into the computer and try again.
- The computer may have been removed from the domain.
- Ensure the root certificates are installed on the client.
- Restart the KDC service on the domain controller.
- Ensure the strong certificate mappings are configured correctly
The system could not log you on. The revocation status of the domain controller certificate used for smart card authentication could not be determined
- The OCSP client may not be working correctly.
- Uninstall the OCSP client and install the current version. Ensure the OCSP client is configured correctly
The system could not log you on. The revocation status of the smartcard certificate used for authentication could not be determined
- Restart the KDC service on the domain controller
- Ensure all OIDs are attached to the Root CA certificates
The system could not log you on. You cannot use a smart card to log on because smart card logon is not supported for your user account; Contact your system administrator to ensure that smart card logon is configured for your organization.
- Verify Root certificates
- Verify the machine certificates are good, including the private keys
- Ensure CAC Client and all patches are installed.
- Ensure all OIDs are attached to the Root CA certificates
The system could not log you on. The smartcard certificate used for authentication has been revoked
- Clear the OCSP Client cache
- Check certificates on CAC to ensure they are valid and not revoked
- Issue a new smartcard
The system could not log you on. An untrusted certificate authority was detected while processing the smartcard certificate used for authentication.
- Ensure the root certificates are installed on the client
- Ensure the root certificates are installed on the Domain Controller
- Check certificates on CAC to ensure they are valid
The system could not log you on. The smartcard certificate used for authentication was not trusted.
- Ensure the root certificates are installed on the client
- Ensure the root certificates are installed on the Domain Controller
- Check certificates on CAC to ensure they are valid
The system could not log you on. The smartcard certificate used for authentication has expired.
- Check certificates on CAC to ensure they are valid and not expired; issue a new smartcard
- Verify timezone and clock on the client and domain controller
The system could not log you on. The smart card is blocked.
- The card is blocked and needs to have the PIN reset or a new card issued. This is a block that is set on the card's chip itself.
The system cannot log you on now because the domain is not available.
- Check that the computer has a valid IP and DNS is functional.
- Ensure the Domain controller is reachable (ping)
- As a temporary solution, disconnect the LAN cable and then try to log in with cached credentials
- If not connected to the domain then the cached account has expired; you must connect to the domain and try again to re-cache account credentials
The system could not log you on. Make sure your User name and domain are correct; then type your password again. Letters in passwords must be typed using the correct case.
- Use smartcard to logon (usernames and passwords are not authorized)
The system could not log you on. An incorrect PIN was presented to the smart card.
- Double check that the correct PIN is being entered (make sure Num Lock is on if the numpad is being used)
The system could not log you on. A communication error with the smart card has been detected.
- Do not remove card while logging on
- The card reader may be failing
- Ensure drivers are installed
- Ensure the card is clean and making good contact with the reader (A common trick is to use an eraser on the smartcard's connection pad to clean debris)
The system could not log you on. The smart card was removed.
- Do not remove card while logging on
- The card reader may be failing
- Ensure drivers are installed
- Ensure the card is clean and making good contact with the reader (A common trick is to use an eraser on the smartcard's connection pad to clean debris)
The system could not log you on. The requested certificate does not exist on the smart card.
- Ensure card reader software is installed correctly
- Ensure the updated card reader driver or patch is installed
- If this is a new card, ensure it was created correctly and contains the necessary certificates
The system could not log you on. The requested key container does not exist on the smart card.
- Ensure card reader software is installed correctly
- Ensure the updated card reader driver or patch is installed
- If this is a new card, ensure it was created correctly and contains the necessary certificates
The system could not log you on. The requested keyset does not exist on the smart card.
- Ensure card reader software is installed correctly
- Ensure the updated card reader driver or patch is installed
- If this is a new card, ensure it was created correctly and contains the necessary certificates
The system could not log you on. An error occurred trying to use this smart card. You can find further details in the event log. Please report this error to the system administrator.
- Check Event logs. Troubleshooting will depend on what is recorded there.
- Restore system back to a point where the smartcard was working
- Reimage the machine
The system could not log you on. The server authenticating you reported an error (0x%08lX). You can find further details in the event log. Please report this error to the system administrator.
- Check Event logs. Troubleshooting will depend on what is recorded there.
- Restore system back to a point where the smartcard was working
- Reimage the machine
The system could not log you on. The server authenticating you reported an error. You can find further details in the event log. Please report this error to the system administrator.
- Check Event logs. Troubleshooting will depend on what is recorded there.
- Restore system back to a point where the smartcard was working
- Reimage the machine
The system could not log you on. This card cannot be used to authenticate you in this domain.
- Check certificates on CAC to ensure they are valid
- Make sure the domain has the correct UPN suffix set in Domains and Trusts
Smart card or certificate sign-in failed. Please contact your administrator and tell them that the KDC certificate couldn't be validated. Additional information might be available in the system event log.
- The OCSP client may not be working correctly
- Check client is trusting the KDC certificate and chain
- Ensure the KDC certificate is valid (especially if this occurs on many machines)
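
Several entries in this list (revocation status could not be determined, revoked, untrusted certificate authority, not trusted, expired, KDC certificate couldn't be validated) come down to how the certificate chain validates on a given machine. The following PowerShell function is an added example, not part of the original list: it builds the chain for an exported certificate with online revocation checking and maps each chain status flag to the matching entry. The function name and the `$Path` parameter (an exported .cer file of the smartcard or domain controller certificate) are assumptions made for illustration.

```powershell
# Added example, not from the original list.
# $Path is a hypothetical exported .cer file (smartcard or domain controller certificate).
function Test-LogonCertificate {
    param([Parameter(Mandatory)][string]$Path)

    # Chain status flag -> the entry in this list it corresponds to
    $advice = [ordered]@{
        NotTimeValid            = 'Expired: check certificate dates, then clock and time zone'
        Revoked                 = 'Revoked: clear the OCSP client cache or issue a new smartcard'
        UntrustedRoot           = 'Untrusted CA: install root certificates on client and DC'
        PartialChain            = 'Untrusted CA: an issuing CA certificate is missing'
        RevocationStatusUnknown = 'Revocation unknown: check the OCSP client configuration'
        OfflineRevocation       = 'Revocation unknown: OCSP/CRL source could not be reached'
    }

    $file  = (Resolve-Path -LiteralPath $Path).Path
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    try {
        # Check revocation online for every certificate except the root
        $chain.ChainPolicy.RevocationMode      = 'Online'
        $chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'
        $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
        $valid = $chain.Build($cert)

        [pscustomobject]@{
            Subject   = $cert.Subject
            NotBefore = $cert.NotBefore
            NotAfter  = $cert.NotAfter
            Valid     = $valid
            # One finding per chain status flag; empty when the chain is clean
            Findings  = @($chain.ChainStatus | ForEach-Object {
                $flag = $_.Status.ToString()
                [pscustomobject]@{
                    Flag   = $flag
                    Detail = "$($_.StatusInformation)".Trim()
                    Entry  = if ($advice.Contains($flag)) { $advice[$flag] }
                             else { 'Not covered above: check the event log' }
                }
            })
        }
    }
    finally { $chain.Reset() }
}
```

The result reflects the trust stores and network reachability of the machine it runs on, so run it on both the client and the domain controller when the entry calls for checking both.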