I am configuring windows 2008 R@ CA so that domain users can use USB tokens (ACS CryptoMate64 ) to logon into the domain.
when i try "ENroll on behalf of.." from administrator Personal container certificates, i get the error "The signature of the certificate cannot be verified. 0x80096004 (-2146869244)" when enrolling the smart card logon
I have installed all midleware associated with ACS CryptoMate64 - http://acs.com.hk/en/products/18/cryptomate64-usb-cryptographic-tokens/
below is the event ID
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-CertEnroll
Date: 4/29/2014 8:58:00 AM
Event ID: 13
Task Category: None
Level: Error
Keywords: Classic
User: MYDOMAIN\Administrator
Computer: MYSERVER.MYDOMAIN.COM
Description:
Certificate enrollment for MYDOMAIN\Administrator failed to enroll for a SmartcardLogon certificate with request ID 20 from MYSERVER.MYDOMAIN.COM\MYDOMAIN-MYSERVER-CA (The signature of the certificate cannot be verified. 0x80096004 (-2146869244)).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificateServicesClient-CertEnroll" Guid="{54164045-7C50-4905-963F-E5BC1EEF0CCA}" EventSourceName="CertEnroll" />
<EventID Qualifiers="49754">13</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-04-29T15:58:00.000000000Z" />
<EventRecordID>683</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>MYSERVER.MYDOMAIN.COM</Computer>
<Security UserID="S-1-5-21-656473300-829514176-3621705015-500" />
</System>
<EventData>
<Data Name="Context">MYDOMAIN\Administrator</Data>
<Data Name="TemplateName">SmartcardLogon</Data>
<Data Name="RequestId">MYSERVER.MYDOMAIN.COM\MYDOMAIN-MYSERVER-CA</Data>
<Data Name="CA">20</Data>
<Data Name="ErrorCode">The signature of the certificate cannot be verified. 0x80096004 (-2146869244)</Data>
</EventData>
</Event>
kindly assist.