RBZL
Guest
Hello,
I have a YubiKey4 that I recently set up with a self-signed smart card certificate per this guide: Using Smart Cards with BitLocker. I encrypted two hard drives with it via BitLocker, one an external USB drive and one an internal fixed drive that isn't the Windows OS drive.
Everything was working fine for about 5 days - I could unlock the drives by inserting the YubiKey "smart card" and entering the PIN for it.
One day, I tried to unlock a drive and I received the error "A valid smart card wasn't detected". The light on the YubiKey would illuminate, but that was it. I unlocked the drives using the recovery key, added a password instead, and removed the smart card. I could re-add the smart card without an error in the BitLocker settings for the drive; however, unlocking the drive with the smart card continued to not work.
I started over with the smart card by resetting the YubiKey PIV applet and re-creating another BitLocker smart card certificate per the guide I linked to above. I re-added the smart card in the BitLocker settings for the drive again, and the smart card works to unlock the drive! ...until I reboot the computer. After a reboot, I receive the "A valid smart card wasn't detected" error again and I'm back to square one.
I've determined the YubiKey seems to be working fine, but for some reason after a system restart BitLocker doesn't like it anymore. The YubiKey PIV Manager application shows that all is well on the "smart card" end, with one certificate installed for BitLocker. Yubico support had me remove their smart card minidriver and revert to the basic Windows smart card driver, but that doesn't seem to make a difference either (and I can't generate and install a certificate through Windows without the minidriver anyway). When it works, it works with the YubiKey smart card minidriver too.
Any suggestions would be appreciated.