Dear Community,
We are currently troubleshooting an issue where a crypto device (smartcard containing a digital certificate) is randomly blocked due to wrong PIN entry.
The crypto device is used exclusively to authenticate the user against a website (mutual certificate authentication) and is not part of the Windows logon process.
The system is Windows 10 LTSC Enterprise 2019, patched to latest and part of a domain.
The issue has been reported to us since inception of 2FA logon in September 2020.
The users claim not to be asked for PIN entry prior to the crypto device being blocked; it happens "suddenly". The Event Viewer, under the subsection
"Microsoft / Windows / SmartCard-Audit" -> "Authentication",
lists multiple events 101: "Cardholder verification by process Edge successful"; this is the expected use of the crypto device.
But it also lists 4 events 100: "Cardholder verification by process lsass.exe: failed".
Those failed events occur at 1-second intervals, always fail, and exceed the number of login attempts allowed by the crypto device, therefore blocking it.
A test system of the same build, but not joined to the domain has never shown that behavior.
Any ideas or hints are greatly appreciated.
We are looking for root cause but primarily for a way to keep OS components from polling or interacting with the crypto device.
Best regards
Lukas
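An added example, not part of the original post: a PowerShell check that reads the SmartCard-Audit Authentication channel and flags bursts of event 100 (cardholder verification failed) coming from one process within a short window, the pattern described above. The channel name and the regex that pulls the process name out of the rendered message are assumptions; the sample events are constructed.

```powershell
# Added example: detect runs of failed cardholder verifications (event 100)
# from a single process, e.g. several failures one second apart from lsass.exe.

function Get-SmartCardAuditEvents {
    param([int]$MaxEvents = 500)
    # Assumption: this is the channel shown in Event Viewer as SmartCard-Audit -> Authentication.
    Get-WinEvent -LogName 'Microsoft-Windows-SmartCard-Audit/Authentication' -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object {
            # Assumption: the rendered message names the process after the word "process".
            $proc = if ($_.Message -match 'process\s+(\S+?)[:\s]') { $Matches[1] } else { 'unknown' }
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; Id = $_.Id; Process = $proc }
        }
}

function Find-PinFailureBursts {
    param(
        [Parameter(Mandatory)][object[]]$Events,   # objects with TimeCreated, Id, Process
        [int]$Threshold = 3,                       # failures within the window that warrant a report
        [int]$WindowSeconds = 10
    )
    $failures = $Events | Where-Object { $_.Id -eq 100 } | Sort-Object TimeCreated
    $bursts = @()
    foreach ($group in ($failures | Group-Object Process)) {
        $window = New-Object System.Collections.Generic.List[datetime]
        foreach ($e in $group.Group) {
            $window.Add($e.TimeCreated)
            # Slide the window: drop failures older than WindowSeconds, then check the count.
            while ($window.Count -gt 0 -and ($e.TimeCreated - $window[0]).TotalSeconds -gt $WindowSeconds) { $window.RemoveAt(0) }
            if ($window.Count -ge $Threshold) {
                $bursts += [pscustomobject]@{ Process = $group.Name; Start = $window[0]; End = $e.TimeCreated; Failures = $window.Count }
                $window.Clear()  # report each burst once
            }
        }
    }
    return $bursts
}

# Constructed sample matching the post: successes (101) from Edge, then four
# failures (100) one second apart from lsass.exe.
$t = Get-Date '2021-03-01 09:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t;                              Id = 101; Process = 'Edge' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(5);                Id = 101; Process = 'Edge' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(30);               Id = 100; Process = 'lsass.exe' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(30).AddSeconds(1); Id = 100; Process = 'lsass.exe' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(30).AddSeconds(2); Id = 100; Process = 'lsass.exe' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(30).AddSeconds(3); Id = 100; Process = 'lsass.exe' }
)
Find-PinFailureBursts -Events $sample | Format-Table
# Against the live log on an affected machine: Find-PinFailureBursts -Events (Get-SmartCardAuditEvents)
```

Running this on the affected and the non-domain test machine side by side, and correlating the burst start time with other logs from the same second, narrows down which OS component triggered the verification attempts.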