VMware Cloud Community
jmsloane
Contributor
Contributor

VDI Machines not accepting smart card when attempting to sign PDF document

Hello family!

I am having a major issue with our Adobe Acrobat Pro DC! We are unable to sign any documents with our smart card. It does not recognize that there is a smart card plugged in at all. I have tried the trusted certificates, i have attempted to remove security (it's greyed out due to policy). We just got on windows 1709 win10 image and are struggling to get this resolved.

Here is the error:

The Windows Cryptographic Service Provider reported an error:

A device attached to the system is not functioning.

Error Code:31

We have tried several smart card readers, tried changing the certs. Nothing is working. I did notice that the certificate I normally use has a yellow exclamation mark but even when selecting a good certificate and go to sign the document it does not see any cards in the reader.

Thoughts?

Physical machines have no issues at all and it is the same image. What could have changed or been stig'd to cause this error?

Reply
0 Kudos
4 Replies
dwhite023
Contributor
Contributor

Have you found an answer to this question??

Reply
0 Kudos
mykdude
Contributor
Contributor

Still no fix for this?

Having same issue. Full adobe works fine and CAC authentication works for email and log in but not to sign pdf documents.

Reply
0 Kudos
dwhite023
Contributor
Contributor

I don't know if this is reference to what I talked to vmware about yesterday but here is the answer that I figured out.

The possible solution is to go to

First open an elevated PowerShell window, the put in Get-ProcessMitigation -Name Acrobat.exe at the prompt and hit enter. It should show you, under the Acrobat.exe, the status of the EnableImportAddressFilter. If it is on then do the following:

Go to C:\Windows\DefenderEG\   there is an XML file in there that needs to get one word changed from true to false. If you open the XML file with notepad and scroll down to the section about Acrobat.exe. You are looking for something that says "EnableImportAddressFilter" if it says true then it needs to be changed to false. Then save the file to the desktop use something like vdi_ep.xml or something of that nature. Then drag that file into the DefenderEG folder.

Go back to the PowerShell window and in put the following Set-ProcessMitigation –PolicyFilePath C:\Windows\DefenderEG\VDI_EP_.xml. This will tell Acrobat to look at this file and not the old one.

The is one issue, If you are  on a .mil domain you may have an issue with a Windows 10 STIG ID WN10-EP-000070 which says it a finding. So you will need to get with your enterprise partner and see what to do from there.

Another issue that I have found is with signing documents in a web browser. Chrome and Firefox says that the file need to be opened in another browser or that signing is not supported. I.E. will let you open the document in the browser but it will not let you sign it. You get the "insert smart card" or "smart card not detected" message. The article said something about protected view needing to be disabled which is possibly another STIG issue. I haven't checked into it.

Reply
0 Kudos
dwhite023
Contributor
Contributor

Forgot to mention this:

ONLY DO THIS IF YOU THE PRIVILEGES, RIGHTS, AUTHORIZATIONS, APPROVALS, AND OR PERMISSIONS TO DO SO.

Otherwise do not do what I previously stated in my reply.

Reply
0 Kudos