Failure to Delegate Default Credentials with Smart Card
Updated: November 16, 2009
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
After configuring the Group Policy setting of your terminal server to allow the delegation of default credentials, single sign-on (SSO) fails if smart cards are used to log on to the local computer.
Smart card credentials cannot be delegated to allow SSO. Windows is unable to delegate smart card credentials that are supplied during an interactive logon or that are explicitly saved in the Credential Manager for a specific target. The Allow Delegating Default Credentials Group Policy setting located in Computer Configuration\Administrative Templates\System\Credentials Delegation affects only the ability to delegate or prohibit the delegation of new smart card credentials entered into the Remote Desktop Connection dialog box.
No resolution or workarounds are available at this time.
To learn more about SSO for Terminal Services logon, see Single Sign-On for Terminal Services.