Container Does Not Exist on the Smart Card
|
Problem:
RDP fails to authenticate Yubikey smart card.Error:
The requested key container does not exist on the smart card (Figure 1).Figure 1. Smart card container error. |
Assumptions:
- Yubikey runs as PIV smart card.
- Smart card has multiple authentication certificates.
- Certificates reside on slots 81-95.
Solution:
By default, Windows uses the NIST
SP 800-73 PIV smart card driver. Multiple certificates require the Yubikey smart card Minidriver. Install this driver on both the client and the server.
Important:
The Yubikey smart card MSI package does not install the Minidriver on remote servers or virtual machines. Nor does it provide an error.
The MSI installer only works when a smart card is directly connected (e.g., workstation).
To reiterate, the MSI package only updates the NIST driver when a smart card is attached to the local USB port.
The MSI installer only works when a smart card is directly connected (e.g., workstation).
To reiterate, the MSI package only updates the NIST driver when a smart card is attached to the local USB port.
Instead, use the Yubikey limited INF installer on VMs or via RDP.
Figure 2. How to Install the Yubikey Minidriver. |
Right-click on ykmd.inf. Left-click on install. That's It!