When connecting from a Windows 7 desktop to a Windows 2008 R2 server via RDP (mstsc -v /server), the 2k8 server sees my inserted smartcard and prompts me for a PIN. After entering the PIN the server responds with the error:
"The System could not log you on. The requested key container does not exist on the smart card."
I can then click "ok" and re-enter the PIN and the server logs me on without an additional error.
Looking in the event viewer after failed attempts I have seen different types of failures:
1:(sec log) MS Windows Security event ID: 4625 "An account failed to log on"
2:(app log) SC Logon Event ID:5 "An error occurred while retrieving a digital certificate from the inserted smart card. The operation requires a Smart Card, but no Smart Card is currently in the device."
2:(app log) SC Logon Event ID:5 "An error occurred while retrieving a digital certificate from the inserted smart card. The keyset is not defined."
Direct logon to the Windows 7 Desktop with SmartCard works without error.
The environment has both CRL and MS OCSP services online and all DCs have DC certificates on them as well.
The SmartCards follow a PIV model (4 certs) with the user auth in the primary container. Certs are 2048-bit SHA1RSA (SHA256 next lifecycle).
Authentication doesn't appear to be the issue; timing does, even though the failure happens fairly quickly, +/-5 seconds. Neither Bing nor Google has provided me with any usable insight into this particular failure, but my search terms could be lacking. Any help or pushes in the right direction would be greatly appreciated.
Thank you in advance for any information or tips,
Farl