Symptoms

Smart card logon fails with the error "You cannot use a smart card to log on because smart card logon is not supported for your user account", which possibly indicates that your domain controller does not have a valid certificate.

Solution

Follow these steps to request a new certificate:

  1. Log in to the domain controller
  2. Open the Run prompt and run mmc (if prompted to elevate permissions, select Yes)
  3. Click File > Add / Remove Snap-In...
  4. Select Certificates and click Add >
  5. Select Computer account and click Next
  6. Select Local computer and click Finish
  7. Click OK
  8. In the tree view on the left, navigate to Certificates (Local Computer) > Personal > Certificates
  9. Click Action > All Tasks > Request New Certificate…
  10. Click Next
  11. Select Domain Controller Authentication and click Next
  12. Click Finish
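
To confirm whether the domain controller holds a usable certificate, the following PowerShell check inspects the same store as step 8. It is an added example, not part of the original article. The required EKU list is an assumption based on the default Domain Controller Authentication template.

```powershell
# Added example, not part of the original article.
# Run in an elevated PowerShell session on the domain controller.
$now = Get-Date
$templateOid = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information extension

# Assumption: EKUs of the default Domain Controller Authentication template.
$requiredEkus = [ordered]@{
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
}

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Collect the EKU OIDs actually present in the certificate.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @(foreach ($e in $ekuExt) {
        $e.EnhancedKeyUsages | ForEach-Object { $_.Value }
    })
    $missing = @($requiredEkus.Keys | Where-Object { $_ -notin $ekuOids } |
        ForEach-Object { $requiredEkus[$_] })

    # The template extension shows which template issued the certificate.
    $tmpl = $cert.Extensions | Where-Object { $_.Oid.Value -eq $templateOid }
    $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Template   = if ($tmpl) { $tmpl.Format($false) } else { '(none)' }
        NotAfter   = $cert.NotAfter
        MissingEku = $missing -join ', '
        # Usable: in date, private key present, EKUs complete, chain validates.
        Usable     = $inValidity -and $cert.HasPrivateKey -and
                     ($missing.Count -eq 0) -and $cert.Verify()
    }
}

$report | Format-List
if (-not ($report | Where-Object Usable)) {
    Write-Warning 'No usable domain controller certificate found in LocalMachine\My.'
}
```

Run it before requesting the certificate to confirm the diagnosis, and again after step 12 to confirm that the new certificate reports `Usable : True`.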