ACOS5 smart card and CryptoMate CSP not working with Vista

[Blades1987]

I have a Dell D630 with a built in smart card reader and I have been trying to use ACS' ACOS5 smart card for authentication, which I have had zero success. So I went out and bought ACS' CryptoMate USB token and client in order to get two-factor authentication working on Vista Enterprise and guess what? It doesn't work. Here's what I have:

At the Vista logon screen, the smart card icon has the following error:

"The card requires drivers that are not present on the system. Please try another card"

Here is the output from the certutil -csplist command:
---------------------------------------------------------
C:\Users\username.domain>certutil -csplist
Provider Name: Aloaha Cryptographic Provider
Provider Type: 1 - PROV_RSA_FULL

Provider Name: Microsoft Base Cryptographic Provider v1.0
Provider Type: 1 - PROV_RSA_FULL

Provider Name: Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
Provider Type: 13 - PROV_DSS_DH

Provider Name: Microsoft Base DSS Cryptographic Provider
Provider Type: 3 - PROV_DSS

Provider Name: Microsoft Base Smart Card Crypto Provider
Provider Type: 1 - PROV_RSA_FULL

Provider Name: Microsoft DH SChannel Cryptographic Provider
Provider Type: 18 - PROV_DH_SCHANNEL

Provider Name: Microsoft Enhanced Cryptographic Provider v1.0
Provider Type: 1 - PROV_RSA_FULL

Provider Name: Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
Provider Type: 13 - PROV_DSS_DH

Provider Name: Microsoft Enhanced RSA and AES Cryptographic Provider
Provider Type: 24 - PROV_RSA_AES

Provider Name: Microsoft Exchange Cryptographic Provider v1.0
Provider Type: 5 - PROV_MS_EXCHANGE

Provider Name: Microsoft RSA SChannel Cryptographic Provider
Provider Type: 12 - PROV_RSA_SCHANNEL

Provider Name: Microsoft Strong Cryptographic Provider
Provider Type: 1 - PROV_RSA_FULL

Provider Name: Microsoft Software Key Storage Provider

Provider Name: Microsoft Smart Card Key Storage Provider
CertUtil: -csplist command completed successfully.
--------------------------------------------------------

I have attached the output of the CSPTEST, which causes the following message to be displayed:

"The card is available for use. However, the card is not the one being requested, and cannot be used for the current operation."
<img alt="">
It looks like the CSP is not linking to the ACS CryptoMate or the ACOS5.

If anyone has any insight into this issue, I would greatly appreciate your feedback.

 

[Blades1987]

It has been a couple of months since I posted this entry and wanted to post a follow up. Simply out, the current release of the ACOS5 2.4 CSP, which includes CryptoMate USB, does not work with Vista. The drivers fail to load properly into Vista and the CSP does not work for generating certificates through the MMC Certificate interface or the Web Enrollment Interface on both Server 2003 and Server 2008. So anyone looking to use the ACS SmartCards for Vista, I would recommend against it.

 

[Blades1987]

Final update. ACS has a new driver out for the ACOS5 CryptoMate that works with Vista (Released March, 2009). I have tested the driver against the 2003 and 2008 CAs and I can generate certificates over Vista Enterprise SP2.

 

[kaoss]

hey, I am having a problem getting windows 7 or vista to recognize my ACOS5 card. Device manager recognizes the cryptomate but the smart card driver can not be found.

When you say you got it to work with vista, can you actually use it for the logon? I can not even create a certificate with bitlocker because it can not find the drivers for the smart card. Communicating with ACS seems futile so far.

 

[AndreaChandler]

I got CSP v2.4 and it works on my Vista x86 and Windows 7 but have problems with x64.

For smart card driver cannot be found. That is a Windows problem that expects a smart card module to be installed on the machine. It can be disabled by following this link: Before You Begin Troubleshooting

I contacted ACS about Windows x64 support. They said they will have it at the first quarter of this year.

 

[TonyJr]

Hi,

Anyone had any luck getting x64 working? I have the 2.4 SDK on Windows Server 2008 R2 x64 Enterprise and have similar problems.

Tony