VMware Horizon Community
cstewart30
Contributor
Contributor
‎08-16-2019 01:10 PM

VMRC - DOD Alternate CAC not working.

I'm building a master image for my new Horizon 7.9 deployment with Dell Wyse P25 Firmware 6.4; however I have not made it too far.

I have just built a fresh AGM OEM/Standalone 1809 1.0.4 Windows 10 VMware VM.  I have only loaded the Active Client v 7.1.0.244 and my CAC reader I'm using is SCR3310. I have 2 CAC readers, one built into my laptop and the SCR3310 connected to a USB port.  I'm using the VMware Remote Console to try and log into the machine with my Administrative CAC; however I get an error telling me "No valid certificates were found on this smart card.  Please try another smart card or contact your administrator." If I use my normal DoD CAC it reads those cards with no issues.

Here are some steps I have done to try and trouble shoot the issue.

 

- Launch VMRC

- Connect CAC reader from VMRC

- Insert my Admin CAC

- Then I get the error.

- When I log in locally to the machine:

- I see the CAC reader in device manager

- I insert the CAC and it shows up in device manager

- Open ActivClient, it sees the CAC reader

- It starts to scan my card, it scan's then it disconnects the card reader and card from device manager and I get a Windows Box telling me to connect a card reader.  The reader is still connected in VMRC, but not in Windows device manager.

If I use RDP I can get in fine with my Admin CAC.

I have not loaded the View client as of yet, because I need to be able to log in with my Admin CAC.

0 Kudos
3 Replies
mchadwick19
Hot Shot
Hot Shot
‎08-19-2019 10:40 AM

We see similar issues with Smart Cards using the ActivClient software and this is starting to look like an ActivClient software problem.

We notice issues where in View sessions if you try to use a smart card separate from the one you used to log into a session it can cause AC to deadlock and never read any future smart cards forcing a reboot of the VM to reload the software + driver.

What seems to help us is when you are switching cards, allow the card to be read fully by the system before trying to use it. It seems to cause the least amount of issues.

VDI Engineer VCP-DCV, VCP7-DTM, VCAP7-DTM Design
0 Kudos
dauphin77
Enthusiast
Enthusiast
‎02-25-2020 01:06 PM

cstewart30,

We encountered the same issue in our vSphere 6.7 Update 3 environment. Our team was able to find a workaround that allowed us to use our Administrator card through the VMRC console and will post below in case others encounter this issue.

If you click on the double chevrons in the upper right hand corner of the VMRC console window, you will see all the devices that are currently connected or are available to pass-through to the VM. You should see two separate Smart Card icons (one that looks like an ID card and the other that looks like a door), one will be labeled as the builtin Smart Card reader and the other will have the word "Shared" in front of the Smart Card name. You need to use the one that DOES NOT say "Shared" in front of it. In our case we selected 'Broadcom 5880' versus selecting the 'Shared Broadcom Corp Contacted SmartCard 0' and it allowed us to pass-through the Administrator card and recognize the certificates.

I'm still trying to wrap my head around why this occurs. Maybe it's the type of smartcard or possibly a compatibility issue. It's an easy enough work around but If anyone has any explanations I would very much like to hear why!

We currently have vSphere 6.7 update 3 installed, VMRC version 10.0.6 and current version of VMware Tools installed. 

0 Kudos
zhornsby
Enthusiast
Enthusiast
‎02-26-2020 04:18 AM

we noticed the same fix. you need to use dedicated (disconnect from host) not shared

0 Kudos