Smart Card Logon Over RDP Fails with "Requested Key Container is not Available"

Applicable Products


Issue

If your smart card login works normally when you are physically at a workstation, but you receive the "The requested key container is not available on the smart card" error when using a smart card over RDP, that indicates that the YubiKey Smart Card Minidriver is loaded on the local system but not on the destination you are connecting to. To confirm this, follow the steps below.

  1. RDP to the server or workstation.
  2. Open Command Prompt.
  3. Run: certutil -scinfo
  4. Verify the output shows the Card as "Identity Device (NIST SP 800-73 [PIV])".

Resolution

First, ensure that you have the YubiKey Smart Card Minidriver installed on the remote destination. Then, start the Plug and Play service on your destination and ensure it is set to start automatically. If the issue persists, you can use the Add Hardware option to trigger Windows to change the driver.

  1. RDP to the server or workstation.
  2. Open the Run prompt (Windows Key + R).
  3. Run: hdwwiz.exe
  4. Click Next.
  5. Select Install the hardware that I manually select and click Next.
  6. Select Smart Cards and click Next.
  7. Select Yubico from the Manufacturer section, YubiKey Smart Card Minidriver from the Model section, and click Next.
  8. Click Next again.
  9. Click Finish to exit the wizard.
  10. Disconnect and RDP to the server or workstation again to test.

Note: You may want to use Group Policy to standardize the Plug and Play settings across your organization.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.