Forum Discussion

Jeff Harlow's avatar
Jeff Harlow
Iron Contributor
Aug 23, 2018

KDC error - Cannot find a suitable certificate to use for Smart Card Logons (Hello for Business)

We have been using Hello for Business for over a year now. This morning, I come in and have users that are no longer able to login via PIN or FaceID. On review, I can see that our certificate (PKI) r...
security
Windows Server
Jeff Harlow's avatar
Jeff Harlow
Iron Contributor
Aug 23, 2018

The two errors are Error 29: The KDC cannot find a suitable certificate to use for smart card logons or the KDC could not be verified.   

Error 19: This event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate.  

 

The original and newly created template (and certificate) includes Smart Card Logon. 

  • Matthias_VDB's avatar
    Matthias_VDB
    MCT
    Dec 06, 2019

    Jeff,

     

    I know this is an old post, but we are setting up the environment right now and experiencing the same issue.

    Care to share how you solved this one?

     

    tx!

    • Jeff Harlow's avatar
      Jeff Harlow
      Iron Contributor
      Dec 10, 2019

      Unfortunately, I do not recall the solution. We have since moved to Azure AD and not even using the method at that time. Sorry. 

      Matthias_VDB 

Resources