Smart Card logon fails with error "You cannot log on using a smart card"


Article ID: CTX559984


Description

  • Cannot log on to the StoreFront website using a smart card. Error received: "You cannot log on using a smart card".
  • The Test.aspx page fails, indicating that this is a Microsoft issue with mapping client certificates in IIS.



 

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

 

  1. Disable TLS 1.3 and enable TLS 1.2 using the following registry keys on the StoreFront server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

  2. Reboot for changes to take effect.
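
The registry change above can be audited and applied with a script. The following PowerShell is an added example, not a Citrix-supplied script; it is meant to be saved as a script file and run from an elevated session on the StoreFront server. The -Apply switch and the backup file location are assumptions of this example.

```powershell
# Added example, not Citrix's script. Audit-only by default;
# pass -Apply (hypothetical switch) to back up and write the values.
param([switch]$Apply)

$root = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired values, copied from the registry entries in this article.
$desired = [ordered]@{
    'TLS 1.2\Server' = [ordered]@{ DisabledByDefault = 0; Enabled = 1 }
    'TLS 1.3\Server' = [ordered]@{ DisabledByDefault = 1; Enabled = 0 }
}

if ($Apply -and (Test-Path $root)) {
    # Back up the existing Protocols subtree first (file location is an assumption).
    $backup = Join-Path $env:TEMP ('schannel-protocols-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export ($root -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }
    Write-Host "Backup written to $backup"
}

$report = foreach ($sub in $desired.Keys) {
    $path = Join-Path $root $sub
    foreach ($name in $desired[$sub].Keys) {
        $want = $desired[$sub][$name]
        # A missing key or value reads as $null, meaning the OS default applies.
        $have = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        $action = 'none'
        if ($have -ne $want) {
            $action = 'needs change'
            if ($Apply) {
                if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
                New-ItemProperty -Path $path -Name $name -Value $want -PropertyType DWord -Force | Out-Null
                $action = 'updated'
            }
        }
        [pscustomobject]@{ Key = $sub; Value = $name; Before = $have; Wanted = $want; Action = $action }
    }
}

$report | Format-Table -AutoSize
if ($report.Action -contains 'updated') {
    Write-Warning 'Values changed. Reboot the server for the change to take effect.'
}
```

The script does not reboot the server; schedule the reboot from step 2 separately.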

 

Problem Cause

This is a Microsoft limitation with client certificates on Windows Server 2022 using TLS 1.3.