Removing the pwd token is a big no-no, as other tokens, like the ai token, use it prior to the cert being set for pki auth.
Remember you can't actually create a user with the ai pki token; you need to let the connector create it for you.
Did you recently remove the pwd token from the preboot, as I am a little mystified how you could have deployed successfully :-)
Thanks for the reply.
We have a very restrictive policy where every user, even the administrator, is using pki auth with ai (we deleted the root admin account after running the ldap connector). Hence, the password dll and dlm were removed.
Yes, we did use the ldap connector to create the users with ai as their logon token. All the users have a smart card logon cert assigned to them. This particular user was able to log on successfully for 2-3 weeks after installation with his ai smart card until a few days back, when he got the reported error message when he tried to log on at PBA. I find this issue rather strange, as I had checked the audit log as well as the LDAP log and no changes have been made to the user account. At the same time, we had deployed close to 3000 users using only the ai token at pba and so far, only this user has encountered this problem.