VMware Horizon Community
lokaboy
Contributor
Contributor

Smart Card authentication

Hi!

I'm using a Dell Smart Card keyboard with Crescendo C700 smart card to login to a Win7 desktop, this works perfect. This desktop has the View Client 5.0 installed. When I set the Connection Server to only accept Smart Card authentication and try to connect I get this error:

The View Connection Server connection failed. Smart Card or certificate authentication is required.

If I set the option to OPTIONAL, I log automatic in to the connection server(with my credentials) and automatic to the pool and desktop dedicated to me. But I still need to provide credentials to log in to the VM..!?

I've checked the log when Smart Card authentication is REQUIRED:

I've marked the errors I think could cause the authentication failure..Anyone familiar with this?

2011-09-29 14:35:45,345 TRACE <5500> [MessageFrameWork] sysconfig: add watch of location 'hklm\software\vmware, inc.\vmware vdm'
2011-09-29 14:35:45,345 TRACE <5500> [MessageFrameWork] sysconfig: add watch of location 'hklm\software\policies\vmware, inc.\vmware vdm'
2011-09-29 14:35:45,345 INFO  <5500> [MessageFrameWork] Program 'wswc - VMware View Client' started, version=5.0.0 build-481677, pid=4460, buildtype=release, usethread=1, closeafterwrite=0
2011-09-29 14:35:45,345 TRACE <5500> [MessageFrameWork] Load of language 0x409, 4 strings, load time 0 msecs
2011-09-29 14:35:45,345 TRACE <5500> [MessageFrameWork] Resource dll loaded for langId 0x409
2011-09-29 14:35:45,345 TRACE <5500> [MessageFrameWork] Current resource dll set to langId 0x409
2011-09-29 14:35:45,345 TRACE <Main Thread> [wswc] wswc started
2011-09-29 14:35:45,345 TRACE <Main Thread> [MessageFrameWork] Failed to install event source - error 5 (Access is denied.)
2011-09-29 14:35:45,345 DEBUG <Main Thread> [MessageFrameWork] wswc MessageQueueShared started with numThreads=20, queueTreshold=250
2011-09-29 14:35:45,345 DEBUG <Main Thread> [MessageFrameWork] wswc MessageQueue started with numThreads=20, queueTreshold=1000
2011-09-29 14:35:45,345 DEBUG <Main Thread> [MessageFrameWork] MessageFrameWork Worker Added, Name=System, Description=The Builtin MessageFrameWork Administration Queue, Channel=00000000
2011-09-29 14:35:45,345 DEBUG <Main Thread> [MessageFrameWork] MessageFrameWork Worker Added, Name=wswc, Description=The program main service, Channel=00000000
2011-09-29 14:35:45,345 DEBUG <Main Thread> [MessageFrameWork] MessageFrameWork Worker Added, Name=TraceServer, Description=Provides external trace listening support, Channel=00000000
2011-09-29 14:35:45,345 TRACE <SharedMemListener> [MessageFrameWork] The SharedMemServer Listener is active
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Plugins_Install:C:\Program Files\VMware\VMware View\Client\bin\wswc.exe wswc
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_command.dll
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=wswc_command, Description=The View Connection Server command service, Channel=00000000
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_command - VMware View Connection Server Command Handler' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_http.dll
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_http - VMware View Client HTTP Handler' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_pcoip.dll
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_rdp.dll
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=wswc_rdp, Description=View Client RDP service, Channel=00000000
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_pcoip - VMware View Client PCoIP Interaction Handler' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_rsa.dll
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_rdp - VMware View RDP Handler' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 TRACE <PluginInitThread> [wswc_http] locationCookie set to MAC address: 78-2B-CB-9F-EF-50
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=wswc_http, Description=The HTTP handler, Channel=00000000
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=securid-passcode, Description=Implements the RSA user login interface, Channel=00000000
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_rsa - VMware View RSA Handler' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_tunnel.dll
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_ui.dll
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_tunnel - VMware View Secure Tunnel Client' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=wswc_ui, Description=The user interface service, Channel=00000000
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=windows-password, Description=The windows password logon handler, Channel=00000000
2011-09-29 14:35:45,360 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_ui - VMware View Client UI handler' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wssm_uimanager.dll
2011-09-29 14:35:45,360 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=Tunnel, Description=The secure tunnel client, Channel=00000000
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: wswc_usb.dll
2011-09-29 14:35:45,360 TRACE <Main Thread> [MessageFrameWork] Loading plugin: ws_winauth.dll
2011-09-29 14:35:45,376 DEBUG <Main Thread> [MessageFrameWork] MessageFrameWork Worker Added, Name=WinAuth, Description=Support for windows authentication tasks, Channel=00000000
2011-09-29 14:35:45,376 DEBUG <Main Thread> [ws_winauth] WindowsAuthentication queue server installed
2011-09-29 14:35:45,376 INFO  <logloaded> [MessageFrameWork] Plugin 'ws_winauth - VMware View Framework Windows Authentication Support' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,376 DEBUG <InitUsb> [MessageFrameWork] MessageFrameWork Worker Added, Name=UsbDeviceManager, Description=USB manager for nodes hosting the physical devices, Channel=00000000
2011-09-29 14:35:45,376 INFO  <logloaded> [MessageFrameWork] Plugin 'wswc_usb - VMware View Virtual USB Device Service' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,376 DEBUG <InitUsb> [MessageFrameWork] MessageFrameWork Worker Added, Name=UsbDeviceManagerAsync, Description=Async USB manager for nodes hosting the physical devices, Channel=00000000
2011-09-29 14:35:45,376 INFO  <logloaded> [MessageFrameWork] Plugin 'wssm_uimanager - VMware View Framework UI Host' loaded, version=5.0.0 build-481677, buildtype=release
2011-09-29 14:35:45,376 DEBUG <UsbDeviceNotification> [wswc_usb] UsbDeviceNotificationThread start
2011-09-29 14:35:45,376 DEBUG <UsbRefreshDevices> [wswc_usb] UsbRefreshDevicesThread start
2011-09-29 14:35:45,376 TRACE <NodeManagerWatcher> [MessageFrameWork] SharedMemChannel connect accepted, authenticate
2011-09-29 14:35:45,376 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: StartUI
2011-09-29 14:35:45,376 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: GetParams
2011-09-29 14:35:45,376 INFO  <Main Thread> [wswc] Windows Client started
2011-09-29 14:35:45,376 DEBUG <NodeManagerWatcher> [MessageFrameWork] Outgoing SharedMemory channel from wswc to machine PCNO73DX25J.stralfors.se wsnm connected as : STRALFORS\lokoys, Authenticated through SSPI, package = NTLM, encrypting = true
2011-09-29 14:35:45,376 TRACE <NodeManagerWatcher> [MessageFrameWork] SharedMem Connect Ok, Channel 0x018CC300
2011-09-29 14:35:45,376 DEBUG <NodeManagerWatcher> [MessageFrameWork] Connection to Node Manager established.
2011-09-29 14:35:45,392 DEBUG <InitUIManager> [MessageFrameWork] MessageFrameWork Worker Added, Name=UIManager, Description=Provides User Interface services for a session, Channel=00000000
2011-09-29 14:35:45,392 DEBUG <NodeManagerWatcher> [MessageFrameWork] MessageFrameWork Worker Added, Name=UsbRemoteNotify1, Description=USB manager session notify queue, Channel=00000000
2011-09-29 14:35:45,392 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: GetParams
2011-09-29 14:35:45,392 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: ClearSmartCardInfo
2011-09-29 14:35:45,392 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: ClearSmartCardInfo
2011-09-29 14:35:45,392 TRACE <MessageFrameWorkDispatch> [wswc_http] HttpConn::Connect: Using proxy 'http=firewall:8080;https=firewall:8080' with bypass list 'connectionserver.company.no;;<local>'.
2011-09-29 14:35:45,407 DEBUG <PluginInitThread> [MessageFrameWork] MessageFrameWork Worker Added, Name=GuestUIManager, Description=The in-guest UI management service, Channel=00000000
2011-09-29 14:35:46,421 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] System: Broadcast of USB - deviceAdded
2011-09-29 14:35:46,452 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: Calling CertGetCertificateContextProperty to retrieve length.
2011-09-29 14:35:46,452 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: CertGetCertificateContextProperty finished.
2011-09-29 14:35:46,452 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: Calling CertGetCertificateContextProperty to retrieve data.
2011-09-29 14:35:46,452 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: CertGetCertificateContextProperty finished.
2011-09-29 14:35:46,452 TRACE <MessageFrameWorkDispatch> [wswc_http] HttpTxn::VerifyServerThumbprint: Certificate hasn't changed.
2011-09-29 14:35:46,452 TRACE <MessageFrameWorkDispatch> [wswc_http] WinHttpStatusCallback: Verifying server thumbprint took 0 ms.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: Calling CertGetCertificateContextProperty to retrieve length.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: CertGetCertificateContextProperty finished.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: Calling CertGetCertificateContextProperty to retrieve data.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [MessageFrameWork] GetCertificateProperty: CertGetCertificateContextProperty finished.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [wswc_http] HttpTxn::VerifyServerThumbprint: Certificate hasn't changed.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [wswc_http] WinHttpStatusCallback: Verifying server thumbprint took 0 ms.
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [wswc_http] brokerConnect successful
2011-09-29 14:35:46,593 ERROR <MessageFrameWorkDispatch> [wswc_command] brokerGetConfiguration (configuration) response xml ERROR = Authentication failure
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: MVDIInstalled
2011-09-29 14:35:46,593 TRACE <MessageFrameWorkDispatch> [wswc_ui] connectDialog MessageBox: The View Connection Server connection failed. Smart Card or Certificate authentication is required.
2011-09-29 14:35:50,341 TRACE <MessageFrameWorkDispatch> [wswc_ui] wswc_ui_operation: ClearSmartCardInfo

Message was edited by: lokaboy

Reply
0 Kudos
2 Replies
grossag
VMware Employee
VMware Employee

It looks like you didn't set up smart card authentication correctly in the View Connection Server.  Unless you removed some lines, the logs show that the View Client isn't being told to do smart card authentication but then is told that it was required so authentication fails.  One thing to verify is that you filled out the locked.properties file correctly, especially making sure that the line "useCertAuth=true" is present.  See http://blogs.vmware.com/view/2010/10/troubleshooting-smart-card-authentication-using-the-windows-vie... for more detailed steps.  All of the steps needed to set up smart card authentication in the View Connection Server are also listed in the Admin Guide.

Reply
0 Kudos
arakelian
VMware Employee
VMware Employee

Reply
0 Kudos