Forum

Thanx for valuable info in your post. However I managed to get this problem with a for me unkown Status value: 0xc00000bb.

Here's some info from the eventlog, maybe you can guide me further.

Account For Which Logon Failed:
 Security ID:  NULL SID
 Account Name:  administrator@pbslab2.local
 Account Domain:  

Failure Information:
 Failure Reason:  An Error occured during Logon.
 Status:   0xc00000bb
 Sub Status:  0x0

My environment is as follows:

Windows Server 2003 as Domain Controller
Windows Server 2008 running root CA (active directory certificate services)

I managed to issue a smart card user certificate for the domain administrator and store it on a Gemalto .NET v2+ smart card. When trying to logon to the ws2008 as domain adminstrator I get the error mentioned above.

I read here
http://msmvps.com/blogs/sp/archive/2007/06/02/smart-card-logon-error-0xc00000bb.aspx
that it could be a missing certificate on the AD but I do have it.

Any ideas?

Cheers

/Håkan Eriksson

Generally it's either: 

1) your SAM account name not matching your User Principal Name

sAMAccountName: johnsmith
userPrincipalName: johnsmith@contoso.com

2) missing the certificate of your domain controller or one of your certification authority that signed your smart card's certificate.

Unfortantely a lot of things can go wrong with certificates since PKI has so many pieces.  Try examining the certificate on the smart card and make sure Windows recognizes it as trusted.  Hope that helps.

I managed to find the error. It was related to the actual smart card used and its minidriver (axaltocm.dll). On my 2003 server (running AD) I had to install hotfix kb909520, and, on my 2008 server I had to update the axaltocm.dll to the latest version (6.0 -> 8.1).

Now I can logon, but still sometimes I have to re-enter my credentials on the TS at 2008 server. I've checked the settings both for Terminal Server configuration (untick "Always ask for credentials") and group policy.

Anyway, thanx for pointing me in the correct direction.

Regards/Håkan