Revocation status of DC can't be verified

domain-controller pki smartcard crl
42,290

When you see that particular error message, it means that the workstation you're logging on to cannot access the CRL for the CA that issued the DC's certificate. You need to make sure that the CRL published for the DC's certificate is both accessible and valid.

I'm looking for some links to send you that further flesh out the issue and will edit the answer when I find them.

Edit - Here's some helpful links:

Troubleshooting CAC Login - This is the most authoritative listing of smart card logon error messages and their fixes that I've found to-date.

Why does Kerberos smart card login require public key certificates, private keys, and a Certification Authority (CA)? - The most concise overview of the smart card logon and PKI interaction.

Share:
42,290

Related videos on Youtube

Federer
Author by

Federer

Updated on September 18, 2022

Comments

  • Federer
    Federer almost 2 years

    A Domain Controller within my forest was working fine (as the story usually goes).

    Then, suddenly, I can't logon with my smart card. Instead, I'm greeted with the following message:

    The system could not log you on. The revocation status of the domain controller certificate used for smart card authentication could not be determined.

    I literally have no idea what's happened here. As an attempted quick fix, I removed the root certificate which issued the Smart Card's certificate from the CA of both the client and DC. Then imported a newly exported one from the DC in question. Same issue.

    I've spotted a number of related articles on Microsoft's forums and a HP support document. Each don't really shed much light as it's a generic error message apparently.

    Having said all of this, other smart cards (issued from other DCs) work fine. So I have no idea what's up with this one.

    • ravi yarlagadda
      ravi yarlagadda over 11 years
      Use pkivew.msc to check the status of your PKI, specifically the CRL distribution points. A CRL somewhere is expired and needs an update.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to publish a CRL for an internal Windows certification authority?
Smart card authentication to a Cisco switch?
Implications of Root CA without CRL
Windows will not pass smart card information to browsers
Enable USB smartcard inside VMware
Found CRL is expired - revoking all certificates until you get an updated CRL
EMV Tag 91 Issuer Authentication Data - How to Determine Format of Tag in Response
How to read or write smart card
Read and Write Card Details using a Smart Card Reader
Signing JSON objects