Windows 7 / Windows 2008 R2 / Active Directory / Smart Card auth



I have a windows 7 test client, a windows xp test client, and a Windows
2008 R2 domain with an Enterprise CA installed. I have issued a smart
card logon cert to a test user, and put it on my smart card.

It works from the XP system (meaning I can log into windows/onto the
domain using the card), but not from the Windows 7 system. Win7 gives
me the 'No valid certificate' error. Now it seems like it would be the
EKU issue I keep reading about, but upgrading the domain to R2 didn't
help. I've even changed group policy to allow smart card certs that
don't have the EKU - but it doesn't work.

Any insight appreciated.

My Computer