When trying to use smart-cards/tokens to authenticate to Remote Desktop you can receive the “No Valid Certificates Were Found on This Smart Card” error for multiple reasons. It can be that you don’t have the necessary drivers installed properly. It also can be that the CA trust chain is not in place. In this post I’m not going into detail on those issues. Here it’s just going to be a quick fix for the Estonian National ID-Card not showing up in Remote Desktop. It can also apply for other ID-Cards.
Namely the issue is that national ID-Cards tend not to have the “Smart Card Logon” key usage in their certificate profiles and that’s why they aren’t showing up in Windows Remote Desktop. So if the certificate you have on your smart-card doesn’t have “Smart Card Logon” set it won’t show up either. There is a quick work around/fix for it. You just need to modify one registry setting so that Windows would accept also certificates with out the specific permissions set.
Just copy paste this into notepad and save it with the .reg extension and execute it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider]
“AllowCertificatesWithNoEKU”=dword:00000001
“EnumerateECCCerts”=dword:00000001
Windows will give you a warning, just accept it and then it should say that the keys were successfully added to the registry. Now your ID-card certificates should show up in Remote Desktop.