...
- Make sure the YubiKey is inserted correctly into the USB port. The YubiKey can fit in a USB port both ways. When inserted correctly, the "y" on the card will flash green.
- The gold medallion on the YubiKey is actually a touch button. Pressing/touching it prints an OTP (one-time password) and presses Enter. (This is not used currently, but may be used in the future.)
- If you are not able to log into the server during step 2 due to "Access Denied", contact ITS; your account likely has SmartcardLogonRequired = true.
- If you have been waiting an exceedingly long time (more than 20 seconds) for the PIN prompt to appear, click on the CMD window and press Enter twice. Otherwise, contact ITS.
- (Windows) Under Device Manager on your computer, expand the Smart cards category and look for a Yubico Minidriver.
- If the driver is not present and the computer you are on is DOMAIN JOINED, restart the computer and check again. Otherwise, contact ITS for help.
- If the driver is not present and the computer you are on is NOT DOMAIN JOINED, you will need to download the driver manually from Yubico's website (https://www.yubico.com/products/services-software/download/smart-card-drivers-tools/).
- To get to the driver download, go to yubico.com > Support > Downloads and find the CAB download for the Yubico minidriver. When the minidriver is downloaded, extract it to a folder, right-click the .inf file, and select Install.
- After the driver is installed, the computer may require a restart.
- (Windows) If you are receiving the error "The client has failed to validate the domain controller certificate for _______. The following error was returned from the certificate validation process: A certificate chain could not be built to a trusted root authority." and the computer you are on is NOT DOMAIN JOINED, it may mean the computer does not trust the root certificate from AD. Please contact ADTT@syr.edu for help trusting the cert.
- (Mac OS) Macs may not be able to use the card after setup. This is because of NLA (Network Level Authentication): when the Mac tries to connect over RDP, it requires a username and password before the smartcard is used, so the smartcard login does not work. To get around this, log into a Windows computer (such as a VM) from the Mac and RDP from there, so that you can select the Smartcard/YubiKey from "More Choices".
- (Mac OS) Mac computers using the RDP/remote client application to remote into servers should make sure they are on version 10+.
- (Mac OS) Assuming the remote client application is version 10+, if the smartcard does not show up as an option when you use it the first time to configure it, the connection likely does not pass smartcards through. To resolve this, exit the connection, right-click it in the RDP client application, and select Edit. Under the Devices tab, make sure Smart Card is checked. Re-enter the session and try again.
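
The Windows minidriver check from the list above can also be run from PowerShell. This is an added example, not part of the original ITS instructions; it assumes the YubiKey is inserted and that the minidriver's device name or manufacturer contains "Yubi", and the function name `Get-YubicoMinidriverStatus` is hypothetical.

```powershell
# Added example: scripted version of the Device Manager check for the Yubico minidriver.
# Assumptions: the YubiKey is inserted, and the minidriver's FriendlyName or
# Manufacturer contains "Yubi" (adjust the match if your driver is named differently).
function Get-YubicoMinidriverStatus {
    [CmdletBinding()]
    param()

    # Device Manager's "Smart cards" category corresponds to the SmartCard PnP class.
    # -PresentOnly skips stale entries left behind by devices that are no longer attached.
    $devices = @(Get-PnpDevice -Class 'SmartCard' -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -match 'Yubi' -or $_.Manufacturer -match 'Yubi' })

    # The next step depends on whether the computer is domain joined.
    $domainJoined = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

    $healthy = @($devices | Where-Object { $_.Status -eq 'OK' })

    $nextStep = if ($healthy.Count -gt 0) {
        'Minidriver is present and working; no driver action needed.'
    }
    elseif ($devices.Count -gt 0) {
        'Minidriver is listed but not in an OK state; restart and check again, then contact ITS.'
    }
    elseif ($domainJoined) {
        'Minidriver missing on a domain-joined computer: restart and check again, otherwise contact ITS.'
    }
    else {
        'Minidriver missing on a non-domain-joined computer: download the CAB from Yubico, ' +
        'extract it, right-click the .inf file and select Install, then restart if required.'
    }

    [pscustomobject]@{
        DomainJoined    = $domainJoined
        MinidriverFound = ($devices.Count -gt 0)
        Devices         = $devices | Select-Object FriendlyName, Manufacturer, Status, InstanceId
        NextStep        = $nextStep
    }
}

Get-YubicoMinidriverStatus | Format-List
```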
...
For help or assistance, contact ITS at ADTT@syr.edu.