4 Replies Latest reply on May 21, 2020 1:56 PM by dwhite023

    VDI Machines not accepting smart card when attempting to sign PDF document

    jmsloane Novice

      Hello family!

      I am having a major issue with our Adobe Acrobat Pro DC! We are unable to sign any documents with our smart card. It does not recognize that there is a smart card plugged in at all. I have tried the trusted certificates, i have attempted to remove security (it's greyed out due to policy). We just got on windows 1709 win10 image and are struggling to get this resolved.

       

      Here is the error:

      The Windows Cryptographic Service Provider reported an error:

      A device attached to the system is not functioning.

      Error Code:31

       

      We have tried several smart card readers, tried changing the certs. Nothing is working. I did notice that the certificate I normally use has a yellow exclamation mark but even when selecting a good certificate and go to sign the document it does not see any cards in the reader.

       

      Thoughts?

       

      Physical machines have no issues at all and it is the same image. What could have changed or been stig'd to cause this error?

        • 1. Re: VDI Machines not accepting smart card when attempting to sign PDF document
          dwhite023 Lurker

          Have you found an answer to this question??

          • 2. Re: VDI Machines not accepting smart card when attempting to sign PDF document
            mykdude Lurker

            Still no fix for this?

             

            Having same issue. Full adobe works fine and CAC authentication works for email and log in but not to sign pdf documents.

            • 3. Re: VDI Machines not accepting smart card when attempting to sign PDF document
              dwhite023 Lurker

              I don't know if this is reference to what I talked to vmware about yesterday but here is the answer that I figured out.

               

              The possible solution is to go to

              First open an elevated PowerShell window, the put in Get-ProcessMitigation -Name Acrobat.exe at the prompt and hit enter. It should show you, under the Acrobat.exe, the status of the EnableImportAddressFilter. If it is on then do the following:

               

              Go to C:\Windows\DefenderEG\   there is an XML file in there that needs to get one word changed from true to false. If you open the XML file with notepad and scroll down to the section about Acrobat.exe. You are looking for something that says "EnableImportAddressFilter" if it says true then it needs to be changed to false. Then save the file to the desktop use something like vdi_ep.xml or something of that nature. Then drag that file into the DefenderEG folder.

               

              Go back to the PowerShell window and in put the following Set-ProcessMitigation –PolicyFilePath C:\Windows\DefenderEG\VDI_EP_.xml. This will tell Acrobat to look at this file and not the old one.

               

              The is one issue, If you are  on a .mil domain you may have an issue with a Windows 10 STIG ID WN10-EP-000070 which says it a finding. So you will need to get with your enterprise partner and see what to do from there.

               

              Another issue that I have found is with signing documents in a web browser. Chrome and Firefox says that the file need to be opened in another browser or that signing is not supported. I.E. will let you open the document in the browser but it will not let you sign it. You get the "insert smart card" or "smart card not detected" message. The article said something about protected view needing to be disabled which is possibly another STIG issue. I haven't checked into it.

              • 4. Re: VDI Machines not accepting smart card when attempting to sign PDF document
                dwhite023 Lurker

                Forgot to mention this:

                 

                ONLY DO THIS IF YOU THE PRIVILEGES, RIGHTS, AUTHORIZATIONS, APPROVALS, AND OR PERMISSIONS TO DO SO.

                 

                Otherwise do not do what I previously stated in my reply.