Hello.
We have windows server 2012 R2 named RDP. On this server policy "Interactive logon: Require smart card " is enabled. Server is domain member. Also we have internal PKI. One Root CA and one Issuing CA. CRL is published on http web server. This CRL URL is available from RDP server. And smart card logon works fine.
I revoked user's certificate and published crl. But user still able connect to server. What do I need to do to user cannot to logging to RDP server after i revoked certificate? I tried run "certutil -setreg chain\ChainCacheResyncFiletime @now" on RDP server, but user still connect. Where checked CRL? On RDP server or on KDC? Maybe i need run this command on all domain controllers?
