Using certificates with to authenticate users with L2TP/IPSec

I am running SBS2003 and have an L2TP/IPSec connection ended on the Cisco
router that runs my LAN.

I have imported user and computer certificates using the MMC Certificates
snap-in, just as I did with XP.

The XP VPN connection works fine using EAP.

With Vista I can log in and Exchange Server/Outlook connections are OK, but
I cannot access "My Documents" which are mapped folders; permission denied.

The server reports
Event Type: Warning
Event Source: KDC
Event Category: None
Event ID: 21
Description:
The client certificate for the user xxx is not valid, and resulted in a
failed smartcard logon. Please contact the user for more information about
the certificate they're attempting to use for smartcard logon. The chain
status was : The certificate is not valid for the requested usage.

How do I get the right certificate for Vista? It seems to be the same as the
one that I have on XP.