Hello,
I am trying to enable smart card PIV logon in a test environment.
I have successfully installed Windows Server 2012.
I have installed AD CS, AD DS, IIS, DNS.
I can successfully log in to my newly created domain from another computer running Windows 7 on my LAN.
NOW:
I have generated a key pair with OpenSSL and generated a certificate request with:
OpenSSL> engine dynamic -pre SO_PATH:/Library/OpenSC/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre NO_VCHECK:1 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/Library/OpenSC/lib/opensc-pkcs11.so
which looks like this:
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=Se, ST=Milan, L=Milan, O=test, OU=user, CN=tom/emailAddress=test@test.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                Exponent: 65537 (0x10001)
        Attributes:
            unstructuredName         :Test
    Signature Algorithm: sha1WithRSAEncryption
I have submitted this request to my CA and I have issued a certificate. I have then put the certificate test.cer on my smart card.
I have imported the root CA into the Trusted Root CA store of my Windows 7 client.
I have enabled the "use smart card at login" option for the test user.
I go and try to log in and I get a message that the smart card does not contain a valid certificate or to insert the smart card correctly (which is )
This is what I can see about my certificate with certmgr.msc when I try to import it:
I am using Windows Server 2012 on a virtual machine, hosted by Windows 8.
My client is on a different machine, same subnet, with Windows 7 (all updates installed).
If anyone has any good advice to give, it will be greatly appreciated. I can't find any documentation related to smart cards and Windows 2012. I have found some documents about adding a template, but none of them works, as on Windows 2012 I do not have the same button/interface/results described in the tutorials for Win 2003, 2008.
Thank you in advance.
Any help / suggestion would be greatly appreciated.
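Added example, not part of the original post: a PowerShell check of an issued certificate file for the fields Microsoft's smart card logon guidance asks for (Smart Card Logon and Client Authentication EKUs, Digital Signature key usage, a UPN in the subject alternative name, and a CRL distribution point). The function name Test-SmartCardLogonCert is hypothetical, and the SAN text match assumes an English-language Windows installation.

```powershell
# Added example: report which smart card logon fields an issued certificate carries.
# Test-SmartCardLogonCert is a hypothetical helper name, not a built-in cmdlet.
function Test-SmartCardLogonCert {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    $ekuOids  = @()     # OIDs listed in Enhanced Key Usage
    $keyUsage = 0       # X509KeyUsageFlags as an integer
    $san      = ''      # formatted Subject Alternative Name
    $cdp      = ''      # formatted CRL Distribution Points

    foreach ($ext in $cert.Extensions) {
        switch ($ext.Oid.Value) {
            '2.5.29.37' { $ekuOids  = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
            '2.5.29.15' { $keyUsage = [int]$ext.KeyUsages }
            '2.5.29.17' { $san      = $ext.Format($false) }
            '2.5.29.31' { $cdp      = $ext.Format($false) }
        }
    }

    # English Windows renders the UPN otherName (1.3.6.1.4.1.311.20.2.3) as "Principal Name=".
    $upn = $null
    if ($san -match 'Principal Name=([^,\s]+)') { $upn = $Matches[1] }

    $digSig = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature

    New-Object PSObject -Property @{
        Subject              = $cert.Subject
        Issuer               = $cert.Issuer
        SmartCardLogonEku    = ($ekuOids -contains '1.3.6.1.4.1.311.20.2.2')
        ClientAuthEku        = ($ekuOids -contains '1.3.6.1.5.5.7.3.2')
        DigitalSignature     = (($keyUsage -band $digSig) -ne 0)
        UpnInSan             = $upn
        CrlDistributionPoint = ($cdp -ne '')
    }
}

# Run against the certificate file that was written to the card:
Test-SmartCardLogonCert -Path .\test.cer | Format-List
```

Any value that comes back False or empty names a field the issued certificate lacks. The request dump above lists only an unstructuredName attribute and no requested extensions, so these fields would have to come from the CA template.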