Autoenrollment fails when using a Smart Card CSP for Unified Authentication for Windows (UA) 3.0

Solution ID:    SO4802    Updated:    12/28/2015


Autoenrollment fails when using a Smart Card CSP


Private keys can not be exported from a Smart Card. During autoenrollment the key pair is generated on the Smart Card.


"You cannot use autoenrollment if you have enabled the Key Escrow option and you use smart card CSPs. Enable manual enrollment with this configuration."

Symantec cannot change the autoenrollment process as this is Microsoft's code.  In order to use Smart Card with autoenrollment, do not use a Key Management System. If a Key Management System is required, then use manual enrollment. During the manual enrollment process the key pair is generated by the Key Management System and then imported into the Smart Card.

Reference: Unified Authentication for Windows v3.0 Administrator's Guide. (September 26, 2005). 00021407, p. 63. Mountain View, CA: Symantec Corporation

Legacy ID




Terms of use for this information are found in Legal Notices


Find Answers


This article is available in the following languages: