- 03 Apr 2025
- 4 Minutes to read
- Print
- DarkLight
- PDF
Troubleshoot Smart Card Reader and Portal Extension Issues
- Updated on 03 Apr 2025
- 4 Minutes to read
- Print
- DarkLight
- PDF
View some common issues and how to resolve them.
A User is Offered Multiple Certificates for Authentication: Clean Local Certificate Store (User)
An end user might have multiple certificates corresponding to the same account in their user store. This usually happens after a device was replaced or renewed. When that happens, all those certificates may be offered for authentication, which can be confusing.
Tip
Remove older certificates to help avoid this issue
Clean the Local Certificate Store on MacOS
You must use the command line to unpair the smart card. See Apple's Advanced smart card options on Mac article for details.
Clean the Local Certificate Store on Windows
Verify the following procedure with official Microsoft documentation.
On the "faulty" machine, sign on with the account experiencing the issue
Press the Windows and R keys together, then type
certmgr.msc
to open the certmgr console
Click OK
In the Certificate User Store, expand Personal > Certificates
Search through the list of certificates and locate the certificates corresponding to the signed-in user
There must be at least two certificates to perform this procedure.
In the Details, write down each serial number
On the same machine, ensure the device is inserted and disconnect every other device from the machine
Open a command line and run
certutil -SCInfo
to determine the serial number of the certificate
Warning
Do not write down or take note of any serial numbers corresponding to the root chain (the issuing and root CAs)
In the certmgr console, delete all duplicate certificates that do not match the certificate
Remove and reinsert the user's device, then wait few seconds
Right-click the Certificates folder
Click Refresh
Once the console refreshes, there should no longer be any duplicate serial numbers
The Axiad Portal Extension is Not Configured Correctly: Reconfigure the Extension
If the Axiad Portal Extension Icon is Orange
An orange icon indicates that the portal you're connecting to is not safelisted.
Manually Trust the Site (Short-Term Solution)
Click the Axiad Portal Extension icon
In the dialog box displays, select ALWAYS to trust the URL and never ask again, or select ALLOW to trust the URL once, and ask for verification again next time
Refresh the page
The icon turns green, and you can now manage devices
Check Your Trusted Sites List
Check which sites are trusted (manually beforehand, or automatically pushed by your organization's IT department) for typos or misconfigurations.
Right-click the extension icon
Select Extension options
Confirm the portal URL is listed under Whitelist
If the Axiad Portal Extension Icon is Red
A red icon indicates that the portal you're connecting to is not safelisted, and you are not allowed to change it to a safelisted site per your organization's policy. The environment is locked down and misconfigured.
Note
If you do not have permissions to modify your HKEY_LOCAL_MACHINE registry, then contact your IT department
Add a Site to Your Trusted Sites List
Locate the following entry to verify that the site is not added to the list:
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy]
; Controls whether or not the user may influence the whitelist.
;
; If true (1), limit the user to only hosts whitelisted ahead of time.
; If false (0), let the user approve or deny access to any host not whitelisted
; ahead of time.
;
"noedit"=dword:00000000
Add an entry with the URL to your portal
Example:
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy\whitelist]
; Provides a preseeded whitelist of hosts that the WebPCSC Bridge will trust
; automatically.
;
; Create values of type REG_SZ numbering from 1 to N for as many entries as you
; desire.
;
"1"="portal-<stack>.cloud.axiadids.net"
Note
The example above is listed for Google Chrome, but it works the same for Edge Chromium with the path
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy\whitelist]
Should be instead:
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy\whitelist]
Also there is a dedicated Edge extension known with another ID (jji... instead of pba...) which will be:
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\3rdparty\extensions\jjilfdljambeacgjgnkhjhpiijgjddjl\policy\whitelist]
The Smart Card Registry is Corrupted: Refresh the Registry
Sometimes the registry gets corrupted, and the smart card is not detected correctly. It is linked to the smart card information stored in the registry. When it happens, the device cannot be used anymore until it is purged from the entry listed below, even a reboot will not change that. This issue is more frequent with Windows 10 build released prior to build 1809 (released on 2019-03-28). Since build 1809, the occurrence of that problem has been much less frequent.
Refresh the Registry on MacOS
You must use the command line to unpair the smart card. See Apple's Advanced smart card options on Mac article for details.
Refresh the Registry on Windows
Verify the following procedure with official Microsoft documentation.
On the faulty machine, log in with an admin account if possible
If an admin account is not available, access the user's session and elevate your privileges to an administrator level
Unplug the user's device from the machine
Press the Windows and R keys together to open a Run window, and type
services.msc
Click OK
On the Service console, right-click the Smart Card service and select Stop
Press the Windows and R keys together, then type
regedit
Click OK
On the registry, navigate to the Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > Calais > Cache folder
In the right panel, right-click Cache and select Delete
Back in the Services console, right-click the Smart Card service
Select Start and wait for the status to change to Running
Log off as administrator, or close the Regedit and Services consoles
Reinsert the device and sign on