CLM and Admin Key initial value for Smart Card Base CSP cards

[Sergeev@discussions.microsoft.com Eugene Sergeev]

Hi,

A have a pack of new Aladdin Java Cards based on Athena OS755 running with
minidriver.

All cards were initialized using default initialization key with Aladdins
PKI Client with custom USER and ADMIN pins. Lets say user PIN is 1234567890
and admin PIN is 0987654321.

On a CLM profile the option to deversify admin pin is on and admin PIN
initial value field left blank.

The error comes on enrollment during new card initialization. It fails with
Incorrect PIN was presented. eToken PKI Client shows that number of admin pin
wrong attemps decreased by 2.

Entering 0987654321 as Admin key initial value (hex) in a profile makes
another error: incorrect 3DES key, size must be 24 bytes.

Changing card's admin pin to 24 zeros and entering 00000... as initial value
doesn't help either - incorrect pin error

CLM docs says: Admin key initial value (hex) – Configures a 3DES hexadecimal
value. Type a 3DES value, and then configure it as the initial admin keys for
blank Microsoft Base Smart Card CSP compliant smart cards.

Ideas wanted.

I can format a card to any admin pin and the only question is WHY it doesn't
work with Admins key initial value and if its not a plain Admin pin, then
what this value is?

ps. Gemalto .NET cards works perfect with this profile and blank initial key
value.

[Eugene Sergeev]

admin pin on token of 12 zeros 000000000000
and
Admin Key initial value (hex) =
003000300030003000300030003000300030003000300030

doesn't work too.