How to Fix Windows Error 0x80100069
By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-25
| Error code | 0x80100069 |
|---|---|
| Symbolic name | SCARD_W_REMOVED_CARD |
| Platform | Windows |
| Official message | The smart card has been removed, so that further communication is not possible. |
| Source | Microsoft MS-ERREF (HRESULT) (https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/) |
What is 0x80100069?
0x80100069 is a HRESULT value returned by the Smart Card Resource Manager (SCardSvr) and PC/SC layer that mediates between applications and physical or virtual smart cards. In plain English: a smart card subsystem reports 'the smart card has been removed, so that further communication is not possible' (symbolic name scard w removed card). Applications that call into this subsystem propagate the value back to the caller through GetLastError, an HRESULT return, or an SEH exception, so the same numeric code can surface in event-log entries, debugger output, installer logs, and user-facing dialogs.
The code is a fact, not a fault on its own. It tells you which subsystem objected and why, which is enough to point you at the configuration, permission, or state problem that's behind it. The fix sections below assume a stock Windows 10, 11, or Server 2019/2022 install.
When does 0x80100069 appear?
The most common situations that produce 0x80100069 during smart-card logon, certificate-based authentication, code signing with a smart-card stored key, and PIV/CAC card operations:
- The Smart Card service (SCardSvr) is stopped or disabled.
- The card reader's driver isn't loaded or the USB device has disconnected.
- No smart card is inserted, or the card is inserted in a reader that isn't enumerated.
- The card's PIN has been locked after too many bad attempts.
- The minidriver for the card brand (Gemalto, IDEMIA, YubiKey, etc.) is missing.
- A virtual smart-card profile bound to the TPM is no longer accessible.
If you have an event log entry with 0x80100069, note the source provider (the value in the ProviderName column). That provider name tells you which binary actually raised the error and is the first clue for which fix below to start with.
How to fix 0x80100069
Work top-down. Each block below is runnable on a stock Windows install with administrator rights. Run them in PowerShell elevated unless the comment says otherwise.
Detect what raised 0x80100069
# Detect: search the event log and recent application logs for 0x80100069.
Get-WinEvent -LogName Application -MaxEvents 200 |
Where-Object { $_.Message -match '0x80100069' -or $_.Message -match 'SCARD_W_REMOVED_CARD' } |
Format-Table TimeCreated, ProviderName, Id, LevelDisplayName, Message -AutoSize
# Capture the live process that surfaced the error so you can re-run it under
# a debugger or transcript.
Get-Process |
Where-Object { $_.MainWindowTitle -ne '' } |
Select-Object Id, ProcessName, Path |
Sort-Object ProcessName
# Re-run the failing call with verbose output. Replace the placeholder with the
# real command that triggered 0x80100069 for you.
$ErrorActionPreference = 'Stop'
try {
& 'C:\Path\To\FailingApp.exe' --verbose
} catch {
Write-Host "Caller surfaced: $($_.Exception.Message)"
Write-Host "HResult: 0x{0:X8}" -f $_.Exception.HResult
}
Cross-check with CMD
:: Surface the numeric meaning of 0x80100069 from the local message tables.
net helpmsg 105
:: Pull the most recent matching events from the Application log.
wevtutil qe Application /q:"*[System[Provider[@Name='Application Error']]]" /c:50 /rd:true /f:text | findstr /i "0x80100069 SCARD_W_REMOVED_CARD"
:: Show installed Windows features that touch the failing subsystem.
dism /online /get-features /format:table | findstr /i "Crypt Cert SmartCard TPM COMPlus MSDTC"
Targeted commands for the Smart Card subsystem
# Restart the Smart Card service group and re-enumerate readers.
Restart-Service -Name SCardSvr -Force
certutil -scinfo
Repair the underlying components
# Repair pass 1: confirm system files are intact. Smart Card subsystem relies on a
# correctly installed Windows image, and 0x80100069 often clears once SFC and DISM
# repair tampered or missing components.
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
# Repair pass 2: re-register the most common helper DLLs for the affected
# subsystem. Run elevated.
regsvr32 /s wintrust.dll
regsvr32 /s softpub.dll
regsvr32 /s mssip32.dll
regsvr32 /s initpki.dll
# Repair pass 3: reset the Windows Update + cryptographic services group so any
# corrupted state in catroot2 or SoftwareDistribution is rebuilt.
Stop-Service -Name wuauserv, bits, cryptsvc, msiserver -Force
Rename-Item C:\Windows\SoftwareDistribution C:\Windows\SoftwareDistribution.bak -Force
Rename-Item C:\Windows\System32\catroot2 C:\Windows\System32\catroot2.bak -Force
Start-Service -Name wuauserv, bits, cryptsvc, msiserver
If you can't fix it immediately
Workarounds buy time, they don't solve the underlying issue. Use these only while you schedule a proper fix:
- Run the failing process elevated (
Start-Process -Verb RunAs) so it stops tripping over permission checks. - Roll back the most recent Windows update if 0x80100069 started after a Patch Tuesday. Use
wusa /uninstall /kb:<KB-number>. - If the failing app is a service, restart the service group it depends on. For example:
Restart-Service -Name CryptSvc, BITS, wuauserv -Forcefor crypto-related codes. - Create a System Restore point and try a known-good restore. Restore is non-destructive to user data but will revert recent driver and update changes.
- Boot into safe mode (
bcdedit /set {current} safeboot minimal && shutdown /r /t 0) to isolate whether a third-party driver or filter is in the call path.
How to verify the fix worked
Re-run the operation that originally surfaced 0x80100069. The exact verification depends on which subsystem you're testing, but the pattern is always the same: trigger the failure path, watch the event log, and confirm the code no longer appears.
# 1. Clear the application log so you start with a clean slate.
wevtutil cl Application
# 2. Re-run the operation that produced 0x80100069.
# (Replace this with the command, installer, or app launch that failed before.)
# 3. Inspect the application log for any new entries that mention 0x80100069.
$matches = Get-WinEvent -LogName Application -MaxEvents 200 |
Where-Object { $_.Message -match '0x80100069' }
if ($matches) {
Write-Host "0x80100069 still surfaces, see entries above." -ForegroundColor Yellow
$matches | Format-Table TimeCreated, ProviderName, Id, Message -AutoSize
} else {
Write-Host "0x80100069 no longer appears in the application log." -ForegroundColor Green
}
If the code is gone from the log and the previously failing operation now completes, the fix is in place. If it returns, capture a fresh trace with Get-WinEvent and compare the ProviderName field against the list of triggers above.
Frequently asked questions
What does 0x80100069 mean exactly?
0x80100069 is the HRESULT value that the smart card subsystem returns when a smart card subsystem reports 'the smart card has been removed, so that further communication is not possible' (symbolic name scard w removed card). The numeric value is reserved by Microsoft and won't be reused for another condition.
Is 0x80100069 dangerous?
In isolation it is mostly an indicator, not a vulnerability. The code is a symptom, not the disease. It tells you a permission, state, or configuration check failed inside a Windows subsystem. The risk depends entirely on what the calling app does when the call fails. A signed-update check that fails is more serious than a transient registry read that retries successfully.
Will reinstalling Windows fix 0x80100069?
Almost certainly yes, but it is far more work than the situation calls for. 0x80100069 usually clears with a targeted fix to a service, driver, certificate store, or registry key. A repair install (in-place upgrade) is a reasonable last step if the targeted fixes don't take. A clean reinstall should be the final option, not the first.
How is 0x80100069 different from other codes in the same group?
The numeric value is unique. Two codes can come from the same smart card subsystem and look related, but Microsoft reserves each one for a distinct condition. Always cross-reference the symbolic name in MS-ERREF before assuming two codes share a fix.
Where do I get the official meaning of 0x80100069?
The canonical reference is the MS-ERREF specification. The HRESULT and NTSTATUS tables there are the definitive list of codes, their symbolic names, and the official message text.
Related error codes
Errors that share the same smart card subsystem are often resolved by the same fix. Start with these:
- How to fix 0x80100001: SCARD_F_INTERNAL_ERROR
- How to fix 0x80100002: SCARD_E_CANCELLED
- How to fix 0x80100003: SCARD_E_INVALID_HANDLE
- How to fix 0x80100004: SCARD_E_INVALID_PARAMETER
- How to fix 0x80100005: SCARD_E_INVALID_TARGET
Related fixes
Related guides worth a look while you sort this one out:
- How to Fix Windows Error 0x80100030
- How to Fix Windows Error 0x80100031
- How to Fix Windows Error 0x80100065
- How to Fix Windows Error 0x80100066
- How to Fix Windows Error 0x80100067
- How to Fix Windows Error 0x80100068
References
- Microsoft Learn, System Error Codes (Win32): https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes
- Microsoft MS-ERREF (full Windows error code reference): https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/
- Microsoft Learn, HRESULT values: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/0642cb2f-2075-4469-918c-4441e69c548a
- Microsoft Learn, Smart Card reference: https://learn.microsoft.com/en-us/windows/win32/secauthn/smart-card-authentication
Field notes from real Windows incidents
When I work on the 0x80100069 symptom the rhythm I lean on is the one I have built over years of these tickets, not a stack of generic advice. Windows error codes come in a handful of families; once you recognise the family, the doc page is one search away. STOP codes look terrifying but the first DWORD almost always points directly at the responsible driver.
Reliability Monitor is the single most underused triage surface in Windows — it gives 30 days of crash history without writing a query. DISM RestoreHealth needs network or a known-good source image; the most common cause of a failed RestoreHealth is a blocked Windows Update endpoint.
Tools I actually reach for
For the 0x80100069 symptom on Windows the cheapest signal I can land usually comes from DISM and sfc, then Event Viewer (eventvwr.msc), Reliability Monitor (perfmon /rel) when DISM and sfc cannot see the layer the fault sits in, and Windows Error Lookup Tool (err.exe) for the cases where neither of those answers cleanly. That ordering is not academic. It matches the layers the failure tends to surface through, so the cheap signal lands first and the heavier tooling only comes out when the simpler answer does not hold up under scrutiny.
Verification I run before I close the ticket
Before I mark the 0x80100069 symptom resolved on a Windows unit, the verification loop below is what I actually run. Each step proves a different layer is green, and the order matters - the cheap checks gate the more expensive ones.
err.exe 0xXXXXXXXX # symbolic decodeIf that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.
wevtutil epl System system.evtx # export for offline reviewIf that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.
sfc /scannowIf that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.
Get-WinEvent -FilterHashtable @{LogName='System'; Level=1,2; StartTime=(Get-Date).AddDays(-7)}If that one comes back clean, move to the next check. If it does not, stop and dig in there before layering more verification on top of a red signal.
DISM /Online /Cleanup-Image /RestoreHealthOnly when every line above runs clean do I close the ticket and update the runbook with the timestamps.
Where I check first when the docs disagree
When two sources contradict each other on a Windows detail, the disambiguation order I lean on is stable. I usually start at support.microsoft.com for the ground-truth view on Windows. I usually start at github.com/microsoft/Windows-Driver-Frameworks for the ground-truth view on Windows. I usually start at techcommunity.microsoft.com/category/windows for the ground-truth view on Windows. Random blog posts and reseller wikis are signal, not ground truth, and I treat them as such until the references above either confirm or contradict the claim.
Pitfalls I have walked into on this exact path
The shortcuts that look smart on the 0x80100069 symptom have a habit of biting back. The pitfalls below are the ones I have personally walked into on a Windows unit, not things I read about. DISM RestoreHealth needs network or a known-good source image; the most common cause of a failed RestoreHealth is a blocked Windows Update endpoint. Reliability Monitor is the single most underused triage surface in Windows: it gives 30 days of crash history without writing a query. Windows error codes come in a handful of families; once you recognise the family, the doc page is one search away. When in doubt I revert to the slower path that the manual prescribes - the time I save by skipping it is always smaller than the time I spend cleaning up afterwards.
What I tell the next on-call
When I hand the 0x80100069 symptom off to the next person on rotation, the three lines I leave in the runbook are these. First, the symptom signature for Windows on the Windows family - not a paraphrase, the exact string that surfaces. Second, the diagnostic that gave the highest signal in the least time. Third, the exact verification command whose green output justified closing the ticket. That trio is what turns a one-off fix into a runbook entry the next engineer can use without paging me at three in the morning.
I also add a one-line note on the cost of getting this wrong. For the 0x80100069 symptom on a Windows unit, the cost is rarely the replacement part. It is the downtime, the second site visit, and the trust deficit you spend with whoever owns the asset when the fix does not hold. That framing keeps the next on-call from choosing the cheap-looking shortcut that ends up costing the most in elapsed hours and goodwill.