Smartcard Needing Drivers In Order To Be Smart

My company laptop dual-boots between Windows 7 x64 and Windows Server 2008 R2. This is for the simple reason that Hyper-V is an indispensable tool for a consultant, but the comfort of a desktop OS like Windows 7 means that I don't want to do without either operating system. I keep the R2 installation fairly clean; all it has installed, in fact, is anti-virus software. Therefore, in order to use all the standard "office" tools such as Microsoft Office, I have a separate virtual machine that runs Windows 7 with the full suite of user tools. So, when I am working in R2, I need to have an extra virtual machine running. This might seem a little excessive given that Outlook will run fine on R2, but I have 8 GB of RAM in the computer so currently I am not reaching the limits (yet) :-)

The downside to running this configuration is that, for simplicity, neither my R2 nor guest Windows 7 VM belongs to the corporate Active Directory domain, meaning that I have no quick access to internal resources. However, the other day I had a brainwave and thought I'd install our VPN software inside my Windows 7 VM in order to gain access to internal resources and live happily ever after. Given that the VPN software requires validation with a smartcard, I switched to using Remote Desktop to connect to the virtual machine, making sure to map the smartcard resource to the remote computer.

However, upon trying to establish the VPN connection, the wizard failed before even starting with the error "A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate".

Hmmm, I knew that the smart card was fine because it works if I boot into Windows 7. Also, if I run the VPN software in the host R2 OS, I am able to connect without problems. Consequently, something was getting mashed up along the way to the VM. After a lot of poking around on both the R2 system and the guest Windows 7 one, I wondered if I needed to install the smart card driver into the guest Windows 7 computer even though it never sees the actual physical smart card. Given that it is a plug-and-play smart card, and the plug-and-play process will never work over RDP, that might be a cause of the problem. So, a quick trip over to the Microsoft Catalog, using the search term "Gemalto", got me the driver I was after.

Unzipped, the driver download looks like below. Copying these files inside the VM (for some reason this step failed when trying to install the driver from a mapped drive) and then right-clicking on the .inf file to install should successfully add the driver to the system. You can confirm that the driver installed correctly by looking in the %windir%\System32 folder for the first DLL file shown in the image below.

3.jpg

Then, as if by magic, my guest Windows 7 virtual machine was able to use my smart card over RDP!
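The confirmation step above can also be scripted inside the guest VM. The following is an added example, not part of the original post: it assumes the standard Windows Smart Card service name (SCardSvr) and the Calais registry database in which minidrivers register themselves, and it lists whatever card entries it finds rather than assuming a particular DLL name.

```powershell
# Added example: run inside the guest VM (the RDP session target).
# Written to work with PowerShell 2.0 as shipped with Windows 7.

# 1. The Smart Card service must be running in the guest so that the
#    redirected PC/SC calls can be served.
$svc = Get-Service -Name SCardSvr -ErrorAction SilentlyContinue
if ($svc) { "Smart Card service (SCardSvr): $($svc.Status)" } else { "Smart Card service (SCardSvr): not found" }

# 2. Each known card type has a key in the Calais database. The value named
#    80000001 holds the minidriver DLL that the Base CSP loads for that card.
$calais = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
$cards = @(Get-ChildItem $calais -ErrorAction SilentlyContinue | ForEach-Object {
    $p   = Get-ItemProperty $_.PSPath
    $dll = $p.'80000001'
    if ($dll) {
        # A bare file name is looked up in System32, which is where the
        # post says to check for the installed DLL.
        if (Split-Path $dll -IsAbsolute) { $path = $dll } else { $path = Join-Path "$env:windir\System32" $dll }
        New-Object PSObject -Property @{
            Card       = $_.PSChildName
            CSP        = $p.'Crypto Provider'
            Minidriver = $dll
            DllPresent = (Test-Path $path)
        }
    }
})

# 3. Report. An empty list, or DllPresent = False for your card, matches the
#    "missing required driver software" symptom described in the post.
if ($cards.Count -eq 0) {
    "No minidriver is registered under $calais"
} else {
    $cards | Format-Table Card, CSP, Minidriver, DllPresent -AutoSize
}
```

Running `certutil -scinfo` in the same RDP session afterwards shows whether the redirected reader and card are visible to the guest.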

Comments

  • Anonymous
    October 01, 2010
    The smart card redirection of RDP is actually a redirection of all the PCSC messages. Here is a simplified architecture:

    CAPI functions

    Microsoft Base CSP

    Gemalto Minidriver

    PCSC

    Therefore the host computer does not need the Base CSP or the Gemalto Minidriver; it just needs the smart card reader drivers and the smart card service running in order to forward the PCSC commands to the VM. On the VM you need the Base CSP (installed by default) and the Gemalto Minidriver in order to use the smart card remotely.

  • Anonymous
    January 12, 2011
    Wow, smartcard working..... thanks !!!