The following issues apply to workstations:
If the login fails with an error message of No Certificates Found, NESCM failed to read the smart card's certificates. Check the following items:
The smart card reader is installed and functional.
The smart card is configured with a valid certificate and associated private key.
Ensure that the smart card is not locked. Smart cards require a valid PIN to access them. Most smart cards are locked after three invalid PIN attempts.
The proper smart card middleware is installed and operational. Most middleware includes tools for viewing the information on the smart card.
The method is properly configured to communicate with the middleware. During installation, a smart card communication interface is selected. The recommended setting is PC/SC. If PC/SC communication is failing, you might want to try PKCS#11. When using PKCS#11, you must also specify the correct vendor library (DLL). The library must be in the system path so that it can be loaded by the method. If it is not in the system path, you must specify the absolute path of the library. Contact the middleware vendor for the specific PKCS#11 library name. For a list of common vendors and PKCS#11 libraries, see Table A-1.
Because the User Account Lookup searches the directory before the actual login, it requires anonymous browse rights to be enabled in eDirectory. If the directory restricts anonymous browse, User Account Lookup does not work.
If the ID plug-in does not find a user account in the first server, it does not search for the user account in other servers that are specified in the Identity plug-in configuration and displays an error.
Sometimes Identity plug-in might not return users associated with the smart card when the system is restarted. To work around this issue,
Manually enter the user name
or
Wait for sometime, then click the Workstation only Logon option.
Click the NetIQ Logon option.
The Identity plug-in displays the correct user names.