Our Active Directory domain recently enforced smart card logons for administrator accounts. Since this change we have been unable to access some servers (2008 R2) using Remote Desktop. When attempting to logon we get the following error message:
"The Kerberos protocol encountered an error while validating the KDC certificate during smartcard logon."
Checking the event logs I find the following:
Failure Reason: An Error occurred during Logon. Status: 0xc000006d Sub Status: 0xc0000320
This problem does not occur on all of our servers. We can login to some of our physical and some of our virtual servers, so it seems to be a problem with individual server configurations, but I'm unsure where to start looking. ActivClient is installed, so, unless it's misconfigured that's not the problem
