When you implement smart card logon on a Windows domain, sometimes you may receive the following error message:
The system could not log you on. The server authenticating you reported an error (0xC00000BB). You can find further details in the event log. Please report this error to the system administrator.
There is a Microsoft KB article (891849) describing the issue. However, the sAMAccountName and userPrincipalName prefix mismatch aren’t always the cause.
Users receive same error when the domain controller doesn’t have a DC certificate installed. That can happen if a manual procedure or a 3rd-party CA are used for domain controller certificate enrollment – you can miss some of the DCs.
For information about domain controller certificates read Advanced Certificate Enrollment and Management on TechNet and MS Knowledgebase article 291010 – Requirements for Domain Controller Certificates from a Third-Party CA.