During a recent smart card logon certificate deployment for a customer, we decided to enable the policy which disconnects a user who has logged in using a smart-card via an RDP connection if the smart card is physically removed (“Interactive logon: Smart card removal behavior” set to “Disconnect if a remote Remote Desktop Services session”). We tested it by starting the Smart Card Logon removal service (it was in manual startup state) in the Windows 2008R2 server and when we removed the smart card, the session was indeed disconnected. However, we noticed that at subsequent logons, when the smart card was re-inserted the user would login but would be immediately disconnected. After some troubleshooting, we tried disabling the Fast Logon Optimization feature (http://support.microsoft.com/kb/305293/en-us) via GPO, and after that the problem was solved. Thus, if you find yourself tackling with the same issue, it might be useful to add a custom smart-card GPO that will also force the Smart-card removal service to Automatic and disable the Fast-Logon feature and check if these actions solve your problem.