Summary
When registering a CAC, the SmartCard drop-down and OK button are grayed out.
Details
To resolve the issue:
- Verify the following:
- The reader is in the device manager.
- The ActiveSync is able to read the card.
- The ActiveSync has the latest updates and patches.
- Test a different card.
- Change Prefer GSC-IS over PIV End Point to "No" and reboot.
- Verify that the following policy settings are configured in Full Disk Encryption\Login for the group:
- TokenAuthentication must be enabled.
- TokenAuthentication\OCSP Validation must be disabled TokenAuthentication\Token PassThru = No.
- Leave the Full Disk Encryption\Login\Token Authentication\OCSP Validation policy setting to "No".
- Ensure that the Common\Authentication\Network Login \Domain Authentication policy setting is set to "No".
- The domain and Smart Card authentication must not work together in the same policy group.
- A one-time password must be set for new Smart Card users.
- Subsequent authentications require the Smart Card PIN.
- Make sure that the card is fully inserted and that a CAC or a PIV card is being used.
- Ensure that the BIOS is up-to-date.
Note: PCMCIA and serial readers are not supported.
- Register the card again.
- Assign the user an OTP on the PS under the device group where it belongs to, and then log on to the device with user name and OTP.
- Make sure that there is connection to the PS.
- Register the CAC on that device.
The user should be able to log into that device with the CAC/PIN.