Good afternoon we have started moving to production with our PIV card and two factor authentication.
In the initial testing things went very smoothly, almost no errors, and those that we came across did not seem to slow up the progress.
However now that we have started moving to production we are seeing some additional errors.
1.) The IAS client was through the trial activation period, what effect can that have on trying to log on using the Smart Card? (We have since added a license number for 35 pilot users but I would like to know the overall effect in any case)
2.) When trying to use the Smart Card for log on we are seeing the following:
Enhanced Smart Card
User Lookup Failed: unable to contact server
we have tried to fill in the IP address of the LDAP server (alone), have added the port number (389 is blocked in our environment, so just using 636), and have changed the time out values and basically keep getting the error from above, "user lookup failed: unable to contact server"
For point 2 of your question: When using port 636, you use an SSL connection and you need to include the path to the SSL certificate or the trusted root certificate of your tree. When in doubt, take a capture of the traffic generated and see where it fails.