Hey guys,
Now I want to connect USB etoken to Virtual Machine.
etoken not show when add new device/Host USB device
On Esxi host. Feitian token has been shown.
I run cmd in cli.
esxcli hardware usb passthrough device enable -d 1:4:096e:0703
Nothing change.
Did anyone know how to fix this?
update: I follow this article
but pcscd is already not running
eToken still not list when add host USB device
Best regards,
Is there anyone can help me?
How are you accessing the VM? Are you using VMware Workstation Pro or VMware Remote Console (VMRC)?
After adding the line
usb.generic.allowCCID = "TRUE"
to the vmx of the VM,
assuming that you use Workstation Pro or VMRC to access the VM, you should be able to see the CCID device in the "Removable Devices" menu of USB devices to connect to the VM.
Thank you for you reply.
I'm using Esxi 6.7 and Vsphere Vcenter 6.7.
If I used VMRC, I'm able to connect the CCID USB device to VM by the "Removable Devices" menu, with this solution, if I close the VMRC, CCID USB auto disconnect.
Therefore i need to plug CCID USB directly to Esxi host, and add CCID USB passthrough to VM
I am not sure if this will work for you.
https://kb.vmware.com/s/article/1648
You could try adding to the vmx configuration file
usb.autoConnect.device0 = "096e:0703"
I have tried that solution. It does not work.
I found a couple of reasons
https://kb.vmware.com/s/article/55789
When users use smart card as the authentication to log into ESXi shell, PCSCD is the smart card daemon that claims and controls smart card readers
But PCSCD is not running.
In other solution
I think that, the CCID usb device has been claim by Esxi.
I added
usb.quirks.device0 = "0x096e:0x0703 allow"
to /etc/vmware/config file
added
CONFIG./USB/quirks=0x096e:0x0703::0xffff:UQ_KBD_IGNORE
to /bootbank/boot.cfg
it still does not work
Please change the USB Controller version/type (2/3/3.1) on the VM settings, and then try for your token detection once again.
I tried all USB Controller version/type (2/3) on the VM settings.
But my token is till not list in add New host USB device
Can you check it with: 1. Another physical USB port 2. Another ESXi host 3. Another VM? and give back the result?!
If you read carefully at the virtuallyghetto link that you sent, there is a note under step 3 that indicates the steps to add to the bootbank/boot.cfg is not required for CCID device. And besides that keyword UQ_KBD_IGNORE the KBD likely stands for KeyBoarD.
The purpose of stopping the PCSCD is to stop ESXi from claiming it as KB55789 implies.
Anyway, adding to /etc/vmware/config is to make it global (i.e. applies to all VMs) instead of having to add to individual VM vmx configuration file one-by-one.
In the previous try with VMRC, if the device was not disconnected from the VM before shut down of the VM, there might be auto connect strings added by path (at least that is what happens with Workstation/Fusion).
It is probably best to try on the vmx configuration level first rather than /etc/vmware/config.
1. check with another physical USB (data USB) plug in to same port.
the USB has been listed in add Host USB Device
2. I have plugged etoken to another Esxi host. its still passthrough = disable
3. In another Esxi host, as mentioned above, when etoken passthrough disabled, it not listed in setting of other VM
thank bluefirestorm.
For security (policy) reason, eToken must be plugged to Esxi host, not via VMRC
Have you tried using the autoconnect in the vmx configuration using the USB path instead of VID:PID?
From the documentation, looks like ESXi goes by USB path instead of VID:PID for the autoconnect.
The USB passthrough autoconnect feature identifies the device by using the USB path of the device on the host. It uses the physical topology and port location instead of the device identity.
I have tried to config "USB path" instead of "VID:PID" for the autoconnect in the vmx configuration. but it did not work.
I think that is not cause. Why is only eToken passthrouh diabled when it pluged to Esxi?
You don't have to keep pasting that similar screenshot again and again. That was already in your original post. It doesn't progress the discussion.
Anyway, was the USB path correct?
FWIW, with an Ubuntu host with VMware Workstation Pro 15.5.6
The output of lsusb -t
/: Bus 04.Port 1: Dev 1, class="root_hub", Driver=xhci_hcd/6p, 5000M
/: Bus 03.Port 1: Dev 1, class="root_hub", Driver=xhci_hcd/14p, 480M
|__ Port 1: Dev 2, If 0, class="Human" Interface Device, Driver=usbhid, 1.5M
|__ Port 2: Dev 3, If 1, class="Human" Interface Device, Driver=usbhid, 1.5M
|__ Port 2: Dev 3, If 0, class="Human" Interface Device, Driver=usbhid, 1.5M
|__ Port 4: Dev 4, If 0, class="Hub", Driver=hub/4p, 480M
|__ Port 3: Dev 6, If 1, class="Audio", Driver=snd-usb-audio, 12M
|__ Port 3: Dev 6, If 2, class="Human" Interface Device, Driver=usbhid, 12M
|__ Port 3: Dev 6, If 0, class="Audio", Driver=snd-usb-audio, 12M
|__ Port 4: Dev 7, If 0, class="Human" Interface Device, Driver=usbhid, 12M
|__ Port 4: Dev 7, If 1, class="Human" Interface Device, Driver=usbhid, 12M
|__ Port 5: Dev 8, If 0, class="Chip"/SmartCard, Driver=, 12M
|__ Port 13: Dev 5, If 0, class="Wireless", Driver=btusb, 12M
|__ Port 13: Dev 5, If 1, class="Wireless", Driver=btusb, 12M
/: Bus 02.Port 1: Dev 1, class="root_hub", Driver=ehci-pci/2p, 480M
|__ Port 1: Dev 2, If 0, class="Hub", Driver=hub/8p, 480M
/: Bus 01.Port 1: Dev 1, class="root_hub", Driver=ehci-pci/2p, 480M
|__ Port 1: Dev 2, If 0, class="Hub", Driver=hub/6p, 480M
The autoconnect for the SmartCard reader inserted by Workstation Pro after VM shutdown without disconnecting the SmartCard reader.
usb_xhci.autoConnect.device0 = "path:3/5 autoclean:1"
So that would be bus 3, port 5. So it looks like path is bus and port number.
The VM was configured with USB 3.1 gen 1 controller so I think that is why it shows up as usb_xhci
I think for your case you would want autoclean to be 0.
ok,
this is output of lsusb -t
In VM option I add Configuration Parameters
It did not work.
I also tried with
usb.autoConnect.device0 = "path:1/5 autoclean:1"
the same result
It's hard to troubleshoot without any reference to the vmware.log of the VM.
From your screenshot of lsusb -t, it looks like there are multiple devices connected to the same USB hub. It would look like those are device numbers instead of port number. If possible, I would suggest try plugging to that is not a hub. Otherwise you should look for the lower level port number as well.
I think for your case you can leave out the autoclean altogether. Without the autoclean, the autoconnect will always remain there even if the device was not found. Or also try to autoconnect the Kingston thumb drive to see whether that also works. If the Kingston thumb drive does not autoconnect, something else is also wrong.
From the vmware.log of the VM I have, the autoconnect searches for the path,
I005: USB: Search for USB devices to connect [path:3/5]
I005: SOCKET creating new socket, connecting to /var/run/vmware/usbarbitrator-socket
Whether or not a device is connected, it still searches for it (I had removed the autoclean so the autoconnect string remains there even the device was not found).
When the device is found
I005: USB: Found device [name:OmniKey\ Smart\ Card\ Reader\ USB vid:076b pid:3021 path:3/5 speed:full family:smart-card arbRuntimeKey:6 version:3]
I005: USB: Autoconnecting device "OmniKey Smart Card Reader USB" matching pattern [path:3/5] prefer usb_xhci
I005: USB: Connecting device desc:name:OmniKey\ Smart\ Card\ Reader\ USB vid:076b pid:3021 path:3/5 speed:full family:smart-card arbRuntimeKey:6 version:3 id:0x10000006076b3021
For multiple devices connected to the same USB hub, it uses port number underneath and not the device ID. I assume it takes the If 0 as precedence.
I005: USB: Found device [name:Harman\ JBL\ Pebbles vid:05fc pid:0231 path:3/4/3 speed:full family:audio,hid serialnum:1.0.0 arbRuntimeKey:3 version:3]
I005: USB: Found device [name:Wacom\ CTH-470 vid:056a pid:00de path:3/4/4 speed:full family:hid,hid-bootable arbRuntimeKey:1 quirks:allow version:3]
You can see the path is 3/4/3 for the audio device and 3/4/4 for the HID.
/: Bus 03.Port 1: Dev 1, class="root_hub", Driver=xhci_hcd/14p, 480M
|__ Port 4: Dev 4, If 0, class="Hub", Driver=hub/4p, 480M
|__ Port 3: Dev 6, If 1, class="Audio", Driver=snd-usb-audio, 12M
|__ Port 3: Dev 6, If 2, class="Human" Interface Device, Driver=usbhid, 12M
|__ Port 3: Dev 6, If 0, class="Audio", Driver=snd-usb-audio, 12M
|__ Port 4: Dev 7, If 0, class="Human" Interface Device, Driver=usbhid, 12M
|__ Port 4: Dev 7, If 1, class="Human" Interface Device, Driver=usbhid, 12
From the vmware.log of the VM
I125: USB: Found device [name:Kingston\ DataTraveler\ 3.0 vid:0951 pid:1666 path:0/1/3 speed:high family:storage,storage-bulk serialnum:60A44CB4644AE361A7728390 arbRuntimeKey:2 version:3]
I125: USB: Found device [name:Realtek\ USB3.0-CRW vid:0bda pid:0329 path:0/1/1/3 speed:super family:storage,storage-bulk serialnum:29203008282014000 arbRuntimeKey:1 version:3]
I can not found Feitian etoken.
In VM option I add Configuration Parameters
usb_xhci.autoConnect.device0 = "path:0/1/3 autoclean:1"
Autoconnect works well for Kingston data usb.
I have tried with
usb_xhci.autoConnect.device0 = "path:0/1/5 autoclean:1"
path:0/1/5 is my assumption about eToken' path.
It did not work
Since the Kingston USB passthrough worked on path:0/1/3, have you tried plugging in the Feitian eToken on the same port where the Kingston USB was connected to? As it is based on USB port path, instead of VID:PID, assuming there is nothing else wrong, the Feitian eToken should work on the same port as where the Kingston USB was previously plugged in.
If that doesn't work, there is probably not much else that can be done other than making sure the points in the KB are adhered to
Ok, I unplugged Kingston USB.
Plug the Feitian eToken to the same port as where the Kingston USB was previously plugged in
in vmware.log
I125: VUsbUpdateVigorFieldsAndAutoconnect: New set of 1 USB devices
I125: USB: Found device [name:Realtek\ USB3.0-CRW vid:0bda pid:0329 path:0/1/1/3 speed:super family:storage,storage-bulk serialnum:29203008282014000 arbRuntimeKey:1 version:3]
I125: Intel VT: FlexPriority enabled.
That doesn't work,
in my original post, I had shown that pcscd is not running
I have added this Parameter to vmx config file of VM
usb.generic.allowCCID = "TRUE"
not work