Hey Julian
Thanks for posting,
The error msg:
"windows cannot log you on because smart card log in is not configured for your organization"
can be related to some configuration at your CA server:
The issuing CA (the third party CA) is trusted in the NTAuth store, use the command [certutil -viewstore -enterprise NTAuth] to verify
The smart card certificates are enabled for revocation checking and that revocation checking actually works, the CRLs are reachable from your DCs and clients
All your DCs have received a Domain Controller / Domain Controller Authentication certificate
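
The three checks listed above, as a read-only PowerShell script. This is an added example and not part of the original reply. The two `.cer` paths are hypothetical parameters (exported copies of the issuing CA certificate and of one smart card certificate), and it assumes the registry key shown is where the machine caches the enterprise NTAuth store.

```powershell
# Added example: read-only checks. Run elevated on a DC, then repeat checks 1-2 on a client.
param(
    [Parameter(Mandatory)] [string] $IssuingCaCer,   # hypothetical path: exported issuing CA cert
    [Parameter(Mandatory)] [string] $UserCer         # hypothetical path: exported smart card cert
)

$X509 = 'System.Security.Cryptography.X509Certificates'
$ca   = New-Object "$X509.X509Certificate2" (Resolve-Path $IssuingCaCer).ProviderPath
$user = New-Object "$X509.X509Certificate2" (Resolve-Path $UserCer).ProviderPath

# 1. Issuing CA trusted in NTAuth: compare its thumbprint with the local cache
#    of the enterprise NTAuth store (subkeys are named by certificate thumbprint).
$ntAuthKey = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
$ntAuth    = @(Get-ChildItem $ntAuthKey -ErrorAction SilentlyContinue |
               ForEach-Object PSChildName)
$inNtAuth  = $ntAuth -contains $ca.Thumbprint

# 2. Revocation checking works: build the chain with online CRL/OCSP retrieval.
#    An unreachable CRL shows up as RevocationStatusUnknown / OfflineRevocation.
$chain = New-Object "$X509.X509Chain"
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
$chainOk   = $chain.Build($user)
$revIssues = @($chain.ChainStatus | Where-Object { $_.Status -match 'Revo' })

# 3. This DC holds a certificate: list unexpired machine certificates with the
#    Server Authentication EKU and print their template extension (v1 or v2)
#    so the Domain Controller / Domain Controller Authentication template is visible.
$templateOids = '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7'
$dcCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.NotAfter -gt (Get-Date) -and
    $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'
} | ForEach-Object {
    $tpl = $_.Extensions | Where-Object { $_.Oid.Value -in $templateOids } |
           ForEach-Object { $_.Format($false) }
    '{0} expires {1:yyyy-MM-dd} template: {2}' -f $_.Thumbprint, $_.NotAfter, ($tpl -join ' ')
})

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    IssuingCaInNTAuth  = $inNtAuth
    ChainBuilds        = $chainOk
    RevocationProblems = ($revIssues | ForEach-Object { $_.Status }) -join ', '
    DcCertificates     = $dcCerts
} | Format-List
```

An empty `RevocationProblems` only proves the CRLs are reachable from the machine the script ran on, so it needs to pass on the DCs and on a client.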