Versions Compared

Version Old Version 44 New Version 45
Changes made by

Aaron Starr (Deactivated)

Aaron Starr (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Reset Smartcard/YubiKey PIN or Lockout

Unique Cases:

Smartcard for a non-IT user:

  1. If the request is to setup a new card:

    1. The DSP should have the physical card with them
    2. Make contact with ADTT@syr.edu and ADTT will find a time to help the DSP setup the card in the name of the user
      1. (Optional) After the account is created and the card is setup, the DSP can add the c- account to whatever groups they user may need
    3. The DSP can deliver the card to the user, please verify the actual user receives the card, and explain to them how to reset the PIN (Reset Smartcard/YubiKey PIN or Lockout)
      1. (Optional) ADTT can provide the expiration date of the smartcard certificate if the DSP would like to suggest to the user that they place a calendar appointment for it (we recommend 10 days prior to the actual expiration)
  2. If the request is to reset a smartcard:
    1. The DSP can collect the card from the user, reset the card (Reset Smartcard/YubiKey PIN or Lockout), and contact ADTT@syr.edu 
    2. We will assist in resetting the card just like the steps above.

General Troubleshooting/Help:

  1. Make sure the YubiKey is inserted correctly into the USB port. The Yubikey's can fit in a USB port both ways. When inserted correctly, the "y" on the card will flash green.
  2. The gold medallion on the Yubikey is actually a touch button. Pressing/touching it prints a OTP (One-time password) and presses Enter. (This is not used currently, but may be used in the future)
  3. If you are not able to log into the server during step 2 due to "Access Denied" contact ITS, your account likely has SmartcardLogonRequired = true.
  4. If you are waiting for a prompt to appear to enter a PIN for an exceedingly long time (wait>20s), click on the CMD window an press Enter twice. Else, contact ITS.
  5. (Windows) Under Device Manager on your computer, check the Smart Cards setting for a Yubico Minidriver. 
    1. If the driver is not present and the computer you are on is DOMAIN JOINED restart the computer and check again. Else, contact ITS for help.
    2. If the driver is not present and the computer you are on is NOT DOMAIN JOINED, you will need to download the driver manually from Yubico's website (https://www.yubico.com/products/services-software/download/smart-card-drivers-tools/). 
      1. To get to the driver download you can: Go to yubico.com>Support>Downloads. Find the CAB Download for the Yubico minidriver. When the minidriver is downloaded, extract it to a folder and Right click the .inf file>Install.
      2. After the driver is installed, the computer may require a restart.
  6. (Mac OS) Mac computers can log into smartcard.syr.edu and set the card up, but may not be able to use the card after. This is because NLA, when the Mac tries to connect to RDP it requires a username and password before the smartcard is used. Thus making it not work. To get around this, the Mac computer should log into a Windows computer (such as a VM) and rdp from there, so you may select the Smartcard/Yubikey from "More Choices"
  7. (Mac OS) Mac computers using the rdp/remote client application to remote into servers should make sure they are on Version 10+.
  8. (Mac OS) Assuming the remote client application is version 10+, when using the smartcard the first time to configure it, if it does not show up as an option the connect likely does not pass Smartcards. To resolve, exit the connection, right click it in the rdp client application and select Edit. Under the devices tab, make sure Smart Card is checked. Re-enter the session and try again.

...

For help, or assistance, contact ITS at ITSCIS@syrat ADTT@syr.edu