When RDP as a Domain User, Smart Card Requested

Question

My W8 machine is connected to domain zen. If I rdp to the W8 machine, I can log in as a local user without problems. If I try to log in as a domain user, I am prompted for a smart card instead of a password.

Any ideas why?

Windows 8 RDP Smart Card prompt

Note that Interactive login: require smart card is disabled in group policy:

enter image description here

And here is the output from rsop.msc:

enter image description here

Some additional information on this one. If my connecting machine is on the same domain/network as the W8 machine, then I am prompted for a password as usual. If the machine is remote, on a different domain, then I am prompted for a smart card. In addition, the machine I am connecting from that gets the smartcard prompt is an XP box - so it may be an issue confined to mstsc.exe version 6.0.x - with 6.1 the authentication is managed prior to the rdp gui session being established.

I haven't isolated exactly which of these factors triggers the different response.

score 8 · Answer 1 · edited Jun 09 '13 at 19:27

8

I managed to bypass the problem by clicking on "other user". I was then able to enter my username and could enter a password.

edited Jun 09 '13 at 19:27

terdon

54,564

answered Jun 09 '13 at 12:16

Yehuda

256

score 7 · Answer 2 · edited Apr 11 '18 at 09:21

7

I had exactly the same issue. No idea why it prompts for smartcard, but found 2 workarounds:

use Linux RDP client (grdesktop) where you submit password before connection is made
From XP, add /public to mstsc command line:
```
mstsc /v a.b.c.d /public
```

edited Apr 11 '18 at 09:21

StackzOfZtuff

1,630

answered Jan 22 '13 at 09:31

Phil

71

score 4 · Answer 3 · edited Apr 11 '18 at 09:14

4

You have to disable Interactive logon: require smart card in

Control Panel / Administrative Tools / Edit Group Policy / 
   Computer Configuration / Windows Settings / Security Settings / 
      Local Policies / Security Options

Note that these are server-side settings and so apply to the machine being connected to.

edited Apr 11 '18 at 09:14

StackzOfZtuff

1,630

answered Oct 22 '12 at 23:00

Milo Wielondek

961

ImAlmogaver · Answer 4 · 2013-04-22T13:02:43.567

1

I realized that if I don't specify a username in the RDP connection and I use the IP address instead of the server's name, no smartcard is requested to login on the server.

edited Apr 22 '13 at 13:02

answered Apr 21 '13 at 16:51

ImAlmogaver

11

score 0 · Answer 5 · answered Aug 16 '16 at 02:13

I've had this issue, and can confirm that if you change your remote desktop client's login username to \, it logs in just fine to the currently logged in session and doesn't prompt for the smart card anymore. This was with Remote Desktop Connection for Mac.

score 0 · Answer 6 · answered Dec 04 '19 at 10:44

I found that adding the -p - option to the command line solved the problem, e.g.

rdesktop machine.domain.com -u user -p -

When I use an invocation like that it'll then ask for a password in the terminal before starting the RDP session, then log in without asking for a smart card.

Sam · Answer 7 · 2013-11-24T22:22:39.543

Another thing you might look for is a program called "Bitguard". I started getting the Smart Card prompt when trying to access shared devices on my network. This was driving me crazy because every time I tried to disable it using Control Panel, I got a Windows Explorer crash or it was grayed out so I couldn't make the choice to use ID and Password. After much research, I read somewhere that a recently added program can cause this. I went to see what was recently installed and saw the culprit "Bitguard". As soon as that was uninstalled, I was able to access the network devices using ID and password with no other changes to my system.

When RDP as a Domain User, Smart Card Requested

7 Answers7