That error usually means the user account isn’t set up right to log in with a smart card over RDP. A few quick things to check:
Make sure the user’s AD account allows smart card logon (check if “Smart card required for interactive logon” is set correctly).
Confirm the cert on the YubiKey is meant for smart card logon and properly mapped to the user.
Take a peek at your Group Policy to ensure smart card auth is allowed.
If you’re using any extra credential providers, they can sometimes mess with this—try disabling them temporarily.
Also, double-check your RDP client supports smart card redirection and is up to date.
One more tip: try logging in directly on the server console with the YubiKey to see if it’s just an RDP thing or something bigger.
Hope that helps! Let me know how it goes or if you want to dig deeper into any of these.
Cheers!
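
Added example (not part of the original reply): a read-only PowerShell sketch of the account and certificate checks listed above. It assumes the RSAT ActiveDirectory module is installed, that the YubiKey is inserted so its certificate shows up in the current user's store, and that the certificate is mapped through a UPN in the Subject Alternative Name (one common mapping); `jdoe` is a placeholder account name.

```powershell
# Added example: read-only checks, nothing is modified.
# Assumptions: RSAT ActiveDirectory module; YubiKey inserted; 'jdoe' is a placeholder.
param([string]$SamAccountName = 'jdoe')

Import-Module ActiveDirectory

$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$ClientAuthOid     = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU
$SanOid            = '2.5.29.17'                # Subject Alternative Name extension

# 1. AD account: state of "Smart card required for interactive logon" and the UPN.
$user = Get-ADUser -Identity $SamAccountName -Properties SmartcardLogonRequired
$user | Select-Object SamAccountName, UserPrincipalName, Enabled, SmartcardLogonRequired |
    Format-List

# 2. Certificates visible to the user: EKUs, validity window, and UPN in the SAN.
$now = Get-Date
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $ekus    = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $san     = $_.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $sanText = if ($san) { $san.Format($false) } else { '' }

    [pscustomobject]@{
        Thumbprint     = $_.Thumbprint
        Subject        = $_.Subject
        InValidity     = ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now)
        HasScLogonEku  = $ekus -contains $SmartCardLogonOid
        HasClientAuth  = $ekus -contains $ClientAuthOid
        # Guard against an empty UPN, which would otherwise match any SAN text.
        SanContainsUpn = [bool]$user.UserPrincipalName -and
                         ($sanText -like "*$($user.UserPrincipalName)*")
        HasPrivateKey  = $_.HasPrivateKey
    }
} | Format-Table -AutoSize
```

A row where `HasScLogonEku`, `InValidity` and `SanContainsUpn` are all true is a plausible logon certificate; if no row qualifies, the certificate purpose or mapping is the first place to look. `certutil -scinfo` on the client gives a lower-level view of the card and its certificate chain.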