Troubleshooting SCARD_W_SECURITY_VIOLATION


Background

The SCARD_W_SECURITY_VIOLATION (0x8010006A) error indicates that the YubiKey Smart Card Minidriver was not able to authenticate to the YubiKey. There are a couple of typical causes for this.

Cause #1 - Non-default management key

The management key on the YubiKey's PIV (smart card) application has been changed from its default value using YubiKey Manager, the Yubico PIV Tool, or another 3rd party utility. To set it back to its default value, follow the instructions below.

If You Do Not Know the Management Key

If you do not know the management key, you must reset the PIV applet. This will reset the management key to the default and then the minidriver will be able to authenticate to the YubiKey.

If You Know the Management Key

If you know what the management key was changed to, you can use it to change it back to the default. After setting it to the default, the minidriver will be able to authenticate to the YubiKey.

  1. Download and install the YubiKey Manager software.
  2. Open Command Prompt.
  3. Run: ykman piv change-management-key -m <MGMKEY> -n 010203040506070801020304050607080102030405060708

        Where <MGMKEY> is the management key you have set.

Note: If you receive an error about not being able to find the program ykman, you will need to use cd to navigate to the folder it is in before running the ykman command. For example, you would run cd "C:\Program Files\Yubico\YubiKey Manager".

Cause #2 - YubiKey not touched with touch policy set

A touch policy has been enabled as per the section Setting Touch Policy in the Smart Card Deployment Guide, but the key is not being touched during enrollment, which is required in this configuration. In this case, re-attempt enrollment, and touch the key's sensor whenever its LED begins to flash steadily (but not rapidly). Due to constraints in the Windows operating system, it is not possible for a graphical indicator to appear on-screen during enrollment; the LED behavior is the only way to know when the sensor needs to be touched.

Comments

0 comments

Article is closed for comments.