Logon via smartcard fails with error message "The revocation status of the authentication certificate could not be determined."

Assume the following scenario:

  • A user has a Smartcard Logon certificate and logs on to the Active Directory domain with it.
  • The login fails. The following error message is returned to the user's computer:
The revocation status of the authentication certificate could not be determined.

In German, the message reads:

Der Sperrstatus des für die Authentifizierung verwendeten Smartcard-Zertifikats konnte nicht ermittelt werden.

A corresponding event should also be logged on the authenticating domain controller that processed the login:

Possible causes

Problems with the revocation list distribution points (availability and currency of the revocation lists) can affect any certificate in the certificate chain being checked. The error also occurs, for example, if the revocation list of a certification authority in the chain has expired (classically the root certification authority, whose revocation list renewal was missed).

If the root certification authority's revocation list has expired, a common consequential error is that subordinate certification authorities no longer start, because they check the validity of their own certification authority certificate when the service is started.
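
To find out which certificate in the chain is failing the revocation check, the chain can be built with online revocation checking and each element's status listed. This is an added example, not part of the original article; the function name `Test-ChainRevocation` and the file name in the usage line are assumptions, and it should be run on the machine that performs the validation, because reachability of the distribution points differs per host.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: list the revocation-check result for each certificate in a chain.
function Test-ChainRevocation {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # exported certificate file (.cer), supplied by the caller
    )

    $cert  = [X509Certificate2]::new((Resolve-Path $Path).Path)
    $chain = [X509Chain]::new()

    # Online: fetch revocation lists from the distribution points if no valid copy is cached.
    # ExcludeRoot: every certificate except the self-signed root is checked, so the
    # subordinate CA certificate is checked against the root CA's revocation list.
    $chain.ChainPolicy.RevocationMode      = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag      = [X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

    # Build() returns $false if any element has an error; the per-element status says where.
    [void]$chain.Build($cert)

    # Status flags that relate to revocation checking
    $revFlags = [X509ChainStatusFlags]'RevocationStatusUnknown, OfflineRevocation, Revoked'

    foreach ($element in $chain.ChainElements) {
        $problems = @($element.ChainElementStatus |
                      Where-Object { $_.Status -band $revFlags })

        [pscustomobject]@{
            Subject    = $element.Certificate.Subject
            Issuer     = $element.Certificate.Issuer
            Revocation = if ($problems.Count) { $problems.Status -join ', ' }
                         else { 'no revocation error' }
            Detail     = ($problems.StatusInformation -join ' ').Trim()
        }
    }
}

# Usage (file name is a placeholder):
# Test-ChainRevocation -Path .\smartcard-logon.cer | Format-List
```

An element reported with `RevocationStatusUnknown` or `OfflineRevocation` is the one whose issuer's revocation list could not be retrieved or is no longer valid.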
