Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. A Terminal Server smartcard logon using RDP 6.0 may fail with error code 0x507

A Terminal Server smartcard logon using RDP 6.0 may fail with error code 0x507

View products that this article applies to.

Source: Microsoft Support

↑ Back to the top

Rapid publishing

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

↑ Back to the top

Symptom



A Terminal Server smartcard logon using RDP 6.0 may fail with error code 0x507 (authentication error).



Error code details:

  • Hex: 0x507

  • Decimal: 1265

  • Symbolic Error:� ERROR_UNIDENTIFIED_ERROR

  • Friendly Error: Insufficient information exists to identify the cause of failure.

↑ Back to the top

Cause



For smartcard authentication to work over terminal services, the user certificate must be present in the certificate store, and it must match the selected certificate on the smartcard. This is unlike local logon where the certificate only needs to be present on the smartcard. If the Certificate Propagation service (certpropsvc) is not running on the client machine, the certificate is not propagated to the user store. This leads to the error condition. This is usually seen when a new certificate is issued that is not propagated to the user store because the Certificate Propagation service was stopped.

↑ Back to the top

Resolution



The smartcard reader is responsible for starting the Certificate Propagation service as a part of the INF installer. Make sure all reader drivers have the following section in their INF:

  • [Reader.Install.AddReg]

  • HKLM, Software\Microsoft\Cryptography\Calais\Readers,,,

  • HKLM, System\CurrentControlSet\Services\SCardSvr,Start,0x00010001,2

  • HKLM, System\CurrentControlSet\Services\CertPropSvc,Start,0x00010001,2�


If the Certificate Propagation service does not occur, contact the reader vendors and have them update their drivers.



Workaround



As a workaround, start the service manually. Normally, set the Certificate Propagation service to start automatically in the �service.msc� snap-in.

↑ Back to the top

More information



The �sc queryex certpropsvc� command or the �services.msc� snap-in may be used to determine whether the service is running.

↑ Back to the top

Disclaimer

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE �MATERIALS�) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

↑ Back to the top

Keywords: KB968005, kbrapidpub, kbnomt

↑ Back to the top

Article Info
Article ID : 968005
Revision : 1
Created on : 2/16/2009
Published on : 2/16/2009
Exists online : False
Views : 203