Safenet Smart Card - Unable to use this smart card" after entering PIN prompt
Article ID: CTX475126
Updated On:
Description
When connecting to the desktop of a VDI machine running VDA 2206 with a smart card, the user is prompted for a PIN code and then There is an error message: Unable to use this smart card. Additional information may be available in the system event log. Report this error to your administrator.
There is an event ID 5 logged.
Event ID : 5
An error occurred while removing a digital certificate from the inserted smart card: The requested key container does not exist on the smart card
Resolution
Issuer was found to be related to the smart card middleware.
With Safenet Authentication Client 10.R2 - issue was seen.
However with Safenet minidriver 10.8 R2 - issue was not seen.
The Safenet minidriver is recommended.
For instance, a more extensive (vs. a Minidriver) smart card middleware like the SafeNet Authentication Client might:
With Safenet Authentication Client 10.R2 - issue was seen.
However with Safenet minidriver 10.8 R2 - issue was not seen.
The Safenet minidriver is recommended.
Problem Cause
A Smart Card Minidriver is based on the Microsoft Minidriver Spec: (https://learn.microsoft.com/en-us/previous-versions/windows/hardware/design/dn631754(v=vs.85). All interactions from a Minidriver with a smart card are done over PC/SC – on Windows via the WinSCard functions. The HDX Smart Card Redirection remotes the PC/SC calls from the Host/VDA to the Client (over the ICA Smart Card Virtual Channel).For instance, a more extensive (vs. a Minidriver) smart card middleware like the SafeNet Authentication Client might:
- Communicate with the smart card directly, bypassing PC/SC. Such exchanges (if any) would not be remoted over ICA
- Install smart card monitoring tools that can poll the card aggressively, increasing the traffic over the PC/SC redirection (= ICA Smart Card Virtual Channel). When designing a smart card middleware, a vendor will typically not consider remoting protocols like ICA or RDP: all the calls are assumed to be local from the machine to the smart card via the attached reader, meaning performance (at least the time needed to send a request to the card) is not taken into consideration
Was this article helpful?
Yes
No
Powered by
