VMware Horizon Community
McGeekable
Contributor
Contributor
‎03-05-2013 05:25 AM

SmartCard reader as a pass-through device for VMware View 5.0 (NOT USED FOR AUTHENTICATION)

I'm have troubles using USB Smart Card Readers. Some work others don't.

  • ESXi 5.0
  • View 5.0
  • Dell FX100 (Zero Client, lastest firmware from teradici: 4.0.2, Tera1 Chipset)
  • VM: Windows 7 SP1 32 bit
  • Protocol: PCoIP

The option in the View Agent 'PCoIP Server / PCoIP SmartCard' is actived.

Smartcard Readers:

  • Cherry ST-1044U (works)
  • GemPlus (works)
  • ACR30U (doesn't work)
  • ACR38T (doesn't work)

We really need the ACR38T because this one is a SIM card reader, we can put the SIM card in without any adaptors.

With the Zero Clients:

What I've noticed is that when I use a SmartCard Reader that works (Cherry / GemPlus), it isn't listed in the Device Manager of Windows. And when I plug in one that doesn't work (ACR), Windows shows it in the Device Manager as a SmartCard Reader. It is listed as the correct SmartCard Reader, name & drivers are correct. But non of the software that has to read the smartcard can find a SmartCard Reader

With a Windows Client:

I've did some other test using a Windows 7 client, with the VMware View for windows on it. And from the moment I plug in a SmartCard Reader that also works with the Zero Client, the device is not listed under the 'Connect USB Device'-menu of the VMware View Client and the redirection works as it should be.

From the moment I plug in a SmartCard Reader that didn't work with the Zero Client, like the ACR's, the device is listed under the 'Connect USB Device'-menu of the VMware View Client. When I tick that one on, the redirection occurs just like the zero client. The device is visible under the Device Manager of the VM, and non of the software is able to work or even see it. When I tick the device off in the 'Connect USB Device'-menu of the VMware View Client. The device also disappears from the Device Manager of the VM and the application on the VM are able to work with de SmartCard Reader.

Conclusion:

It seems that VMware does not handle all SmartCard Readers equally, but why? And how can I make the ACR-devices to work.

Extra Steps I've took:

  • I experimented already with the USB device filters. When I add the VID & PID of the ACR SmartCard Reader to the 'HardwareIDFilters', the device is blocked, as expected, and not usable or visible in the VM.
  • I also hadn't any luck when adding the device to the 'AllowHardwareIDs'.
  • Change the settings of the Zero Client (after every setting, I restarted the VM and the Zero Client):
    • ECHI on or off
    • Add the SmartCard Reader as bridged device

Like I said before, it's just like VMware forward the ACR SmartCard Readers like an normal USB device and the Cherry/GemPlus SmartCard Reader like a device with which you can authenticate with.

I really do not need the SmartCard Authentication of VMware View.

Any idea's?

Thanks in advance.

3 Replies
mpryor
Commander
Commander
‎03-05-2013 07:31 AM

If you want to redirect your smartcard readers as raw USB devices, you should not install the PCoIP Smartcard Redirection feature as part of the agent. With redirection installed, experience will be the same as for an RDP session - local readers, which they are as they're plugged in "locally" with USB, will be ignored and instead all smartcard calls are redirected back to the client for processing. You must use one method or the other. So, two things:

1. Do not install smartcard redirection as part of the agent

2. Ensure your smartcard readers are always redirected as raw USB devices. By default, supported ones will be filtered but this is configurable using policies on the client.

You've been doing the right things for (2), but you also need to do (1) for the results to be correct.

McGeekable
Contributor
Contributor
‎03-05-2013 08:12 AM

I think I did something wrong in the past. :smileyplain:

Removed the smartcard redirection in the agent, put the SmartCard Reader as bridged device in the Zero Client (teradici setting) and now it works.

Just to bad that the VMware View Client do not recognize and redirect all the SmartCard Readers the same way.

Thanks.

Chris1710
Contributor
Contributor
‎07-15-2014 06:42 AM

Great solution. It works!

Thanks.

0 Kudos