When you use client certificate mapping in IIS, custom mappings are NOT recognized and you Web site may stop responding.
This behavior may result if client certificates are not mapped to their user accounts in Active Directory, and the Windows Directory Service Mapper is turned on.
To resolve this issue:
1. Open the Internet Services Manager snap-in.
2. Right-click the computer name above the Web Sites and FTP Sites and press Properties.
3. Press the Edit button next to the WWW Service.
NOTE: On Windows Server 2003, right-click Web Sites and press Properties.
4. Select the Directory Security tab.
5. Clear the Enable the Windows directory service mapper box.
6. Press OK and OK.
7. Restart IIS.