Currently, we are using a Gemalto IDPrime .NET card at pre-boot and we are moving to a Gemalto IDPrime MD830B card.
For each new user, I add them to a PAR, enable UDP, and then run the DE and LDAP server tasks. Generally, it is working well. I do, though, have two issues.
Issue 1:
I am having a problem with two users. No matter what I do, they continue to get the "Not a Suitable Card" error at PBA. I have validated multiple times that they are in the PAR, that their account is not disabled, that they can log into Windows, that their certificate is published in AD, and that the non-standard UBP is enforced. We've replaced the card for one user and the problem remains. What am I missing?
Issue 2:
We are going to be moving a lot of users to the new card in the next couple of months. We are getting their certificates auto-published into AD, which minimizes user interaction. I still have the problem of having to set their UBP to non-standard. Is there a way to automate this or script it, or something? It will become quite cumbersome to have to do this by hand for 300+ users. Any advice you can provide would be greatly appreciated.