Solution 20-11: If you have received a new CAC after 11 June 2016, and trying to use the Do D visitor access, you won't be able to.
DISA has not figured out a way yet to authenticate the CACs with the newer Root certifications of Root CA3 and Root CA4.
This is due to the way your credentials are cached on the computer.
Solution 2-7: Solution 2-8: If you have a 3rd party DAR (Data at Rest) called Credent installed, it seems to encrypt something in the user's profile that will not allow them to logon cached.
Mac users who have purchased the IO Gear GSR-202, GSR-202V, or GSR-203 CAC readers may have problems.