Skip to main content
ilyas1
ilyas1
Explorer
August 15, 2025
Question

Smart Card (FortiToken 310) Certificate Logon Failing The credentials could not be verified

  • August 15, 2025
  • 3 replies
  • 828 views

I am implementing certificate-based authentication for Windows logon using FortiToken 310 and FortiAuthenticator.

Configuration steps completed:

Integrated FortiAuthenticator with Active Directory.

Created a Root CA on FortiAuthenticator.

Generated a user certificate, signed it with the FAC CA, and imported it into the FortiToken 310 via FortiToken Manager.

Configured the token PIN.

Imported the FAC Root CA into the Windows Trusted Root Certification Authorities store on the test PC.

Enabled smart card logon policy on the Windows test machine.

Test results:

The Windows login screen recognizes the FortiToken smart card.

The PIN is accepted successfully.

However, authentication fails with the error:
"The credentials could not be verified."

 

FortiAuthenticator  FortiToken 310  #Windows logon 

@Anonymous

@support

3 replies

Anthony_E
Staff
Anthony_E
Staff
August 18, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
    FortiDor
    FortiDor
    Explorer II
    August 18, 2025

    Hello @ilyas1 

     

    It seems an issue on the Windows side to be able to check the certificat included on your smartcard.

     

    Please check the Microsoft KB and the Certificat Store used :

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/your-credential-could-not-be-verified-error-when-logging-on-to-windows-by-using-whfb

     

     

      ilyas1
      ilyas1Author
      Explorer
      August 18, 2025

      Hello,

       

      Thank you for your reply.

       

      Please find below the FortiAuthenticator logs after enabling debug mode and reproducing the test.

       

      Mon Aug 18 16:13:30 2025     user authentication error: user not partially authenticated

      ID  1345

      Timestamp Mon Aug 18 16:13:30 2025

      Level information

      Action Authentication

      Status Authentication

      Source IP FAC_GUI

      Message user authentication error: user not partially authenticated

      User admin

      Log Type

      Type Id  20328

      Name Authentication Failed No Partial Auth

      Sub Category Authentication

      Category Event

      Description Authentication failed, user has not been partially authenticated

      FortiDor
      FortiDor
      Explorer II
      August 21, 2025

      Hello @ilyas1 

       

      Can you check with the FAC Debug view directly ? 

      https://<FAC IP>/debug/

       

      You can check in the RADIUS /LDAP sections

       

      Here is a KB to be able to check :

      https://community.fortinet.com/t5/FortiAuthenticator/Troubleshooting-Tip-How-to-debug-FortiAuthenticator-Services/ta-p/195991

      Terms & ConditionsAccessibility statement