Horizon RDS Server - Smartcard redirection problems

[FFulde]

Hello everyone,

I'm in the process of setting up a Horizon RDS Farm, we have several users that need to access smart cards inside their sessions for example to sign documents. These Smartcards are used by the applications inside the session not for logging into the session.

I'm just not getting that to work at all. So the vendor of the smartcard reader we are using "ReinerSCT cyberjack" told us to avoid using USB Redirection because it wont work well on an RDS host, we are supposed to use Smartcard Redirection however I believe that is an Single User OS only feature as I can't seem to enable it when installting Horizon Agent on the Server and the feature shows as "Absent" in the Registry.

Do I have any chance of getting this to work? At the moment we have VDI Desktops where USB Redirection works great for smart cards, but we have too much CPU and memory overhead from giving everyone a dedicated VDI, that's why we decided to move towards RDS.

Any help is appreciated.

[Rob Beekmans]

There were some changes, read the KB https://kb.omnissa.com/s/article/94757
I'll try to find what the status is

[FFulde]

Thank you Rob, I forgot to mention we are running Horizon Version 2312 at the moment.

I'll attach some screenshots, in the registry it shows the Smartcard Features as Absent for whatever reason.

The other two screenshots show the features I'm installing it doesnt event list Smartcard as an option there, when I install the Agent on a Windows 10 Desktop for example, I see the Smartcard Feature as an option. (Sorry screenshots are German)

I found this Link Horizon Agent Custom Setup Options (vmware.com) where it says the feature is only for Single User machines. Thats for Horizon 7 tho, so I'm not sure if that has changed in the meantime.

 

 

[Owen Ye]

@FFulde, Smartcard Redirection feature is a mandatary feature on RDSH Agent. No need to select during installation.

You could try to run command "certutil -scinfo" inside RDSH Agent machine to validate if the Smartcard redirected.

Quote

So the vendor of the smartcard reader we are using "ReinerSCT cyberjack" told us to avoid using USB Redirection because it wont work well on an RDS host

This is correct. Just use smartcard redirection on RDS host.

 

And for VDI (single user OS) Agent:

if we want to use Smartcard redirection, just install the smartcard redirection component during installation. No matter if you install USB redirection or not.

if we want to use USB redirection for Smartcard reader/cards, we need to uncheck Smartcard redirection component during installation, select USB redirection, and there's a Group Policy to enable Smartcard via USB redirection. (refer to USB Settings in the Horizon Agent Configuration ADMX Template (omnissa.com)  "Allow Smart Cards Property: AllowSmartcard".

 

[ofox Shi]

Your vendor is correct. For smartcard readers, the smartcard redirection feature is recommended over USB redirection feature, no matter the Agent is VDI desktop or RDSH. Your problem looks like, as Rob pointed out, an example of the KB. You might try the workaround in that KB(by installing CDR during Agent installation on your RDSH) to see if it makes any difference, and in the meantime wait for Rob's further info.

Edited Saturday at 05:45 PM by ofox Shi