FFulde Posted September 12 Share Posted September 12 Hello everyone, I'm in the process of setting up a Horizon RDS Farm, we have several users that need to access smart cards inside their sessions for example to sign documents. These Smartcards are used by the applications inside the session not for logging into the session. I'm just not getting that to work at all. So the vendor of the smartcard reader we are using "ReinerSCT cyberjack" told us to avoid using USB Redirection because it wont work well on an RDS host, we are supposed to use Smartcard Redirection however I believe that is an Single User OS only feature as I can't seem to enable it when installting Horizon Agent on the Server and the feature shows as "Absent" in the Registry. Do I have any chance of getting this to work? At the moment we have VDI Desktops where USB Redirection works great for smart cards, but we have too much CPU and memory overhead from giving everyone a dedicated VDI, that's why we decided to move towards RDS. Any help is appreciated. Quote Link to comment Share on other sites More sharing options...
Employee Rob Beekmans Posted September 12 Employee Share Posted September 12 There were some changes, read the KB https://kb.omnissa.com/s/article/94757 I'll try to find what the status is Quote Link to comment Share on other sites More sharing options...
FFulde Posted September 13 Author Share Posted September 13 Thank you Rob, I forgot to mention we are running Horizon Version 2312 at the moment. I'll attach some screenshots, in the registry it shows the Smartcard Features as Absent for whatever reason. The other two screenshots show the features I'm installing it doesnt event list Smartcard as an option there, when I install the Agent on a Windows 10 Desktop for example, I see the Smartcard Feature as an option. (Sorry screenshots are German) I found this Link Horizon Agent Custom Setup Options (vmware.com) where it says the feature is only for Single User machines. Thats for Horizon 7 tho, so I'm not sure if that has changed in the meantime. Quote Link to comment Share on other sites More sharing options...
Employee Owen Ye Posted September 14 Employee Share Posted September 14 @FFulde, Smartcard Redirection feature is a mandatary feature on RDSH Agent. No need to select during installation. You could try to run command "certutil -scinfo" inside RDSH Agent machine to validate if the Smartcard redirected. Quote So the vendor of the smartcard reader we are using "ReinerSCT cyberjack" told us to avoid using USB Redirection because it wont work well on an RDS host This is correct. Just use smartcard redirection on RDS host. And for VDI (single user OS) Agent: if we want to use Smartcard redirection, just install the smartcard redirection component during installation. No matter if you install USB redirection or not. if we want to use USB redirection for Smartcard reader/cards, we need to uncheck Smartcard redirection component during installation, select USB redirection, and there's a Group Policy to enable Smartcard via USB redirection. (refer to USB Settings in the Horizon Agent Configuration ADMX Template (omnissa.com) "Allow Smart Cards Property: AllowSmartcard". Quote Link to comment Share on other sites More sharing options...
Employee ofox Shi Posted September 14 Employee Share Posted September 14 (edited) Your vendor is correct. For smartcard readers, the smartcard redirection feature is recommended over USB redirection feature, no matter the Agent is VDI desktop or RDSH. Your problem looks like, as Rob pointed out, an example of the KB. You might try the workaround in that KB(by installing CDR during Agent installation on your RDSH) to see if it makes any difference, and in the meantime wait for Rob's further info. Edited September 14 by ofox Shi Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.