Login via smart card using Remote Desktop (RDP) fails with error message "The requested key container does not exist on the smart card."

Assume the following scenario:

  • A user logs on to a remote desktop system using the smart card logon function.
  • The user uses a Yubico Yubikey as a smartcard. The required middleware is installed on both the local and the remote system.
  • The login fails with the following error message:
The system could not log you on. The requested key container does not exist on the smart card.

Cause

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem and is available under a free license. It can downloaded via GitHub and can be used free of charge.

The Yubikey middleware is not loaded on the remote system if no Yubikey is connected. The middleware must be loaded with a switch INSTALL_LEGACY_NODE be installed.

msiexec /i YubiKey-Minidriver-4.1.0.172-x64.msi INSTALL_LEGACY_NODE=1

To perform an automated installation without user input, but a status display:

msiexec /i YubiKey-Minidriver-4.1.0.172-x64.msi INSTALL_LEGACY_NODE=1 /passive

To perform a completely automated installation without visible dialogs:

msiexec /i YubiKey-Minidriver-4.1.0.172-x64.msi INSTALL_LEGACY_NODE=1 /quiet

Related links:

External sources

en_USEnglish