Introduction to Network Authentication Guides
Known Network Authentication Issue May 2022!
Some PIV-based authentication to Microsoft Domain Controllers may be impacted by the May 2022 Windows Server patches. If you encounter these PIV network logon issues, please review the CISA Guidance, which is supported by the following Microsoft Knowledge Base Article page. Additional technical guidance can be requested through cyberlaison at CISA dot DHS dot GOV.
These Network Authentication guides will help you configure your Windows network domain for smart card logon using PIV credentials.
There are many useful pages and technical articles available online that include details on configurations and using generic smart cards. The information presented here addresses common questions and configurations specific to the U.S. federal government, PIV smart cards, and U.S. federal civilian agency certification authorities.
Work with your Network Engineers, Domain Admins, Account Management, and Information Security colleagues to review the information, perform the configurations, and troubleshoot any issues.
Check the following items before reviewing these network guides and lessons learned:
- Users have PIV credentials and PIV card readers.
- You are using Microsoft Active Directory to manage your Windows network.
- Domain Controllers are Microsoft 2012 or newer.
- User workstations are joined to your network and are Windows 8 or Windows 10-based.
There are five configuration categories to review with your colleagues. All five include steps that must be completed; it’s best to review and complete the configuration categories in this order:
- Network Ports and Protocols
- Domain Controllers
- Trust Stores
- Account Linking: Associating PIV credentials with User Accounts
- Group Policies and Enforcement
There are five additional guides:
- Network Tuning
- Local Certification Authority
- Authentication Assurance
- PIV Authentication on MacOS
- Troubleshooting PIV Logon
We want to add more information on installing Online Certificate Status Protocol (OCSP) services, addressing common errors and troubleshooting, and configuring Mac OS X and other operating systems.
Submit an Issue to identify information that would be helpful to you, or consider contributing a page to these guides with your lessons learned.