![]() ![]() Once this was done the USB smartcard reader succesfully redirected and installed inside the XenDesktop. We have XD 5.6 and I found the smartcard reader would not redirect/pass-through from the client device (test with both standard Windows desktop and IGEL Linux thin client) without enabling USB redirection and allowing smartcard redirection via HDX User policy – I also had to remove the Smart Card hooks from the registry per Helge’s blog above. More InformationĬTX132716: Case Study: Preventing or Allowing Mapping of Specific USB Devices to Virtual DesktopsĬTX129558: How to Redirect USB Devices in XenDesktop Smart card readers tested were Reiner SCT cyberJack e-com and Omnikey CardMan 3121. The virtual desktops were running Windows 7 圆4 with the XenDesktop VDA 5.6.200. I have tested this configuration with Citrix XenDesktop 5.6. Make sure the Windows Smart Card service is started on the virtual desktops or all of the above will have no effect. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\CtxHook\AppInit_Dlls\Smart Card Hook.HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\Smart Card Hook.To do that delete the following registry keys on the virtual desktop: This can be resolved by deleting the hooks. In that case Citrix’s smart card hooks may interfere with the redirection. In practice it can happen that the readers do not work reliably. If you have followed the steps above you have done everything that is required to get smart card readers working in your virtual desktops – theoretically. In case of eLux make sure to install HDX Plug-n-Play USB 2.0. Thus it is possible that the component for accessing XenApp and XenDesktop is installed, but the HDX Plug-n-Play module is missing. Some Linux thin clients have a modular ICA client. Enable USB Redirection Module (Linux Thin Clients) As described above locate the entry that denies smart card redirection and either delete it or comment it out. The format of that multiline string is identical to the file usb.conf on Linux. On a Windows machine USB redirection rules are stored in the registry value HKLM\Software\Citrix\ICA Client\GenericUSB\DeviceRules. The default content of usb.conf includes the line: DENY: class=0b # SmartcardĮither delete that line or comment it out by putting a hash (#) in front of DENY. USB redirection rules are stored in the file usb.conf which is located in the directory /setup/ica on Fujitsu eLux thin clients. Thin Clients with Linux ICA Client (Citrix Receiver) In contrast to the rules in the Citrix policy the endpoint’s rules are even preconfigured, and in such a way that redirection of smart card readers is disabled. However, the thinking that the endpoint comes first has led to the situation that the ICA client also has redirection rules. When I connect a smart card reader to a thin client I most definitely want to use it in the remote session, not on the device itself. While this just might be true for fat clients it is downright ridiculous for thin clients. Smart Card Redirection Rule on the End User Deviceįunnily, some people seem to think that smart card readers are typically used on the end user’s device, not the virtual desktop. Make sure there is no deny rule overriding it. Smart Card Redirection Rule in Citrix PoliciesĪdd a redirection rule for smart cards to the Citrix policy setting ICA -> USB Devices -> Client USB device redirection rules: Allow: Class=0b # smart cards Allow USB Device RedirectionĬonfigure a Citrix user policy to allow USB device redirection by setting ICA -> USB Devices -> Client USB device redirection to allowed. The following chapters elaborate on these points. The Windows Smart Card service needs to be started.Smart card hooks may have to be removed on the virtual desktop.The USB redirection module must be enabled on the end user device (applies to some Linux thin clients).A redirection rule for the device type smart card on the end user device.A redirection rule for the device type smart card via Citrix policies.To auto-map smart card readers like the Reiner SCT or Omnikey devices into virtual desktops we need: We are going to get to that magic, but we have got a bit of configuring to do first. Smart card readers are USB devices, so the only thing you have to do is plug them into the thin or fat client sitting on your desk and Citrix XenDesktop auto-magically makes them appear in your virtual desktop, right? Wrong. To save you the pain of having to start from scratch here is my description of how to do it. Given that this is such a basic requirement it is astonishingly hard to implement correctly. Even if you only have a moderately sized VDI deployment chances are high you will face the problem of getting USB smart card readers to work on the virtual desktops.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |