VMware Horizon Community
robinstolpe
Enthusiast
Enthusiast

Horizon Client 2106 issues but not with 2103?

Hi,
My connection servers and agents are running 2103 but some of my users did update to Client 2106 today but then when they try to connect they get the following error:

Access Denied No valid certificate provider

They do get the prompt to choose certification and writing there pin-code but direct after it they do get the error that I did write above.

But it do work with 2103 so it seem that it's the client 2106 that are doing something different then 2103 Client.

We are using siths Cards. (smart cards)

 

Edit: This only affects Windows Client 2106. macOS client works perfect 2106 with smart card.
So what is the issue? I can't figure it out. I'm lost.

IT engineer that works with the hole VMWare portfolio and also loves to develop and automate in C# and PowerShell
Reply
0 Kudos
4 Replies
QiSun77
VMware Employee
VMware Employee

Hi robinstolpe,
Could you ask the customer to collect the full client log?

To set the log level:
Enter the DCT directory: “cd C:\Program Files (x86)\VMware\VMware Horizon View Client\DCT”
Run: "support.bat -x client:trace"

To collect the log:
Run: "support.bat -c client"

Reply
0 Kudos
QiSun77
VMware Employee
VMware Employee

To quickly identify one possibility, could you add a registry in Client and try smart card authentication again?

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\VMware, Inc.\VMware VDM\Client,  UseCryptoAPI, set value = "true"

 

Reply
0 Kudos
robinstolpe
Enthusiast
Enthusiast

This did work, is it any GPO for this that I can push out for my clients?

IT engineer that works with the hole VMWare portfolio and also loves to develop and automate in C# and PowerShell
Reply
0 Kudos
QiSun77
VMware Employee
VMware Employee

There is no GPO. In 2106, we had a feature named CNG support in both Client and Agent side. For your case, it means the smart card middleware is too old to support CNG/KSP which is more secure and its the trend. For client side spec, please refer to: https://confluence.eng.vmware.com/display/CNVDES/Func+Spec+for+CNG+Support We provide the kill switch(registry) to fall back to CAPIs as the temporary solution. For long time solution, we need ask our customer to request his Smart Card vendor to upgrade the Smart Card middleware and support CNG/KSP.

Reply
0 Kudos