The ScPolicySvc service works by monitoring a specific registry key (See Deconstructing the Smartcard Removal Policy Service).
The VPN client (Connection Manager aka CM) on the other hand doesn’t use the Credential Provider architecture, it uses its own code for picking which certificate from the smartcard will be used for logon.
The VPN component not using CredUI or LogonUI has two side-effects:
How to Support Smart Card Logon for Remote Access VPN Connections http://technet.microsoft.com/en-us/library/cc875840.aspx
Deconstructing the Smartcard Removal Policy Service: http://blogs.technet.com/instan/archive/2010/03/08/deconstructing-the-smartcard-removal-service.aspx
Where Is “Logon Using Dial-Up Connections” in Windows Vista? http://blogs.technet.com/grouppolicy/archive/2007/07/30/where-is-logon-using-dial-up-connections-in-windows-vista.aspx
Can You help with Smart Card Removal Policy service
i have Domain with SBS 2011 server ; Lenovo ThinkCentre Edge71 computer with Windows 7 PRo 64 bit
i have 2 the same computers. On one install smart card reader and smart card drivers( Gemalto .net card )
login in domain with smart card work fine !
on other i'm not install card reader and smart card ( Gemalto .net )
But Smart Card Removal Policy service not start up ( on both computers )!
message : Smart Card Removal Policy service on Local Computer started and then stopped.
This sounds like you haven't set the ScRemoveOption registry key for the Smartcard Removal Policy service.
You need to set it to either (Lock/Logoff/Disconnect) if you want to use the service - see the link at the top of the page.
If the service starts up and finds that the registry key isn't set it stops again as it doesn't have anything to do in that case.