Collecting information specific to smart card log in failure

Collect the following information prior to opening a support case related to smart card log in failure:

  • The smart card type (for example, PIV, CAC, CACNG, and so on), manufacturer, and model.
  • A screen image of the smart card and its certificates in Keychain Access.
  • The following log files:

To generate these logs, run the following commands while logged in as the local administrator:

sctool -D > /tmp/sctool_D.log
adquery user -A username_of_smartcard_user > /tmp/adquery.log
sudo ls -l /System/Library/Security/tokend/ > /tmp/tokendfolder.log
sudo adinfo -t