- This topic has 3 replies, 2 voices, and was last updated 5 years, 6 months ago by ConfGen.
-
AuthorPosts
-
October 8, 2018 at 8:12 pm #47875
All,
I am using the Wyse 3040 thing client on a Citrix Stroefron (2012r2) LTSR environment and am struggling with the Gemalto ID Bridge CT710 enforced on us by Barclays.
The CT710 is on the ThinOS supported device list, however when using this smartcard reader the on-device pinpad will not work/ initialise resulting in a failure of the software to authenticate.
We also have some older CT30 readers that do not use an on-device pinpad – these work perfectly on the citrix desktop.
When I connect the same device from a Windows based endpoint, they also work perfectly, this is just via the Thin Clients.
I believe there may be some pass through setting on the WNOS.ini that I need to set, (or it could be our citrix policies?) however the fact it works from a Windows based endpoint would make me think it is not the Citrix XenDesktop side.
I am using the smartcards=yes on our ini, and as said the CT30 (non integrated pinpad works fine), is there any way to force redirection of this device into the citrix connection?
The Wyse Thin Client is a new entry to our enterprise environment, and I am still learning with limited support.
Has anyone has these devices work properly on on the Wyse 3040 on a Citrix Xen Desktop enviromant
To confirm the citrix environment does have the latest vendor supplied Gemalto client, e-signer and middleware installed, and running the latest BIOS & ThinOs available to for the 3040.
October 14, 2018 at 4:53 pm #47920Post firmware version and wnos.ini.
CG
October 18, 2018 at 5:41 pm #47967Firmware is current release
ini is:
;*************************************************************
;* *
;* This wnos.ini file was generated with the *
;* Configuration Generator 8.0.04 *
;* Copyright by Thomas Moellerbernd *
;* *
;* https://technicalhelp.de *
;* *
;*************************************************************;*************************************************************
;* General 1 *
;*************************************************************autoload=0 addpkg=FR addpkg=RTME VerifySignature=no
AdminMode=yes Username=REDACTED enc-Password=REDACTED;*************************************************************
;* General 2 *
;*************************************************************FormURL=REDACTED
Locale=English
MirrorFileServer=yes
reboot=yes Time=23:59;*************************************************************
;* General 3 *
;*************************************************************NoticeFile=LegalNotice.txt ButtonCaption=Accept
AutoSignoff=yes;*************************************************************
;* Privilege *
;*************************************************************Privilege=None Lockdown=yes HidePPP=yes HidePN=yes HideConnectionManager=yes ShowDisplaySettings=Yes EnableKeyboardMouseSettings=yes SuppressTaskbar=yes DisableNetworkOptions=yes EnableSystemPreferences=No EnablePeripherals=Audio,Keyboard,Mouse
;*************************************************************
;* Peripherals *
;*************************************************************Language=Uk ManualOverride=yes
KeySequence=yes Ctrl+Alt+Del=yes Win+L=yes;*************************************************************
;* Display *
;*************************************************************Desktop=BackgroundDefault.jpg Layout=Stretch
Dualhead=yes ManualOverride=yes Mainscreen=1 Orientation=hort MonitorAutoDetect=yes
Screensaver=15 LockTerminal=yes Type=2 Image=REDACTED;*************************************************************
;* Redirection *
;*************************************************************MMRConfig=video flashingHW=yes
;*************************************************************
;* Time *
;*************************************************************Timeserver=10.227.127.1 Timeformat=”24-hour format” Dateformt=dd/mm/yyyy
TimeZone=’GMT’ ManualOverride=yes Daylight=yes Start=030507 End=100507 TimeZoneName=”GMT” DayLightName=”GMT”;*************************************************************
;* Network *
;*************************************************************WakeOnLan=yes
SecurityPolicy=low SecuredNetworkProtocol=yes TLSMinVersion=3 TLSMaxVersion=3 DNSFileServerDiscover=yes
DNSIPVersion=ipv4
AddCertificate=REDACTED
AddCertificate=REDACTED
AddCertificate=REDACTED
AddCertificate=REDACTED
AddCertificate=REDACTED
SignOn=Yes SaveLastDomainUser=No LastUserName=No ClearUser=Yes
DefaultUser=
DomainList=REDACTED
MaxVNCD=1
VncPassword=REDACTED Encrypt=Yes
VncPrompt=Yes ActiveVisible=yes;*************************************************************
;* General Session *
;*************************************************************SessionConfig=ALL Fullscreen=yes
Device=vusb ForceRedirect=0x0x08E6,0x0x3437,0x0x0b,0x0x00,0x0x00 InterfaceRedirect=yes Type=HDX
Device=vusb ForceRedirect=0x0x08E6,0x0x34c2,0x0xff,0x0x5c,0x0x00 InterfaceRedirect=yes Type=HDX
Device=vusb ForceRedirect=0x0x08E6,0x0x34c0,0x0xff,0x0x5c,0x0x00 InterfaceRedirect=yes Type=HDX;*************************************************************
;* ICA *
;*************************************************************IcaBrowsing=HTTP
Seamless=yes FullscreenReserved=yes
PnliteServer=REDACTED Storefront=yes ReconnectAtLogon=1 ReconnectFromButton=1
SessionConfig=ALL Smartcards=yes
DesktopMode=Fullscreen SysMenu=Remote SessionReliability=yes OnDesktop=desktops USBRedirection=HDX SmartcardPassthrough=yes;*************************************************************
;* MAC FILTERING *
;*************************************************************Include=$MAC.INI
I have left present the below, however the smartcards=yes appear to cover this off anyway, as normal readers work fine, its the Gemalto readers with integrated pinpads that wont pass over the pinpad part – however are detected as a card reader and detect cards in Citrix, non PinPad type readers work no problem even without a forceredirect line.
Device=vusb ForceRedirect=0x0x08E6,0x0x34c2,0x0xff,0x0x5c,0x0x00 InterfaceRedirect=yes Type=HDX
Device=vusb ForceRedirect=0x0x08E6,0x0x34c0,0x0xff,0x0x5c,0x0x00 InterfaceRedirect=yes Type=HDXThe one thing I did notice is the class is different, a standard reader is 0b subclass 00, these integrated ones are class ff, subclass 5c. I have ensured these class of devices are enabled in Citrix, however still no pinpad passthrough on the device, despite the terminal itself in the logs correctly identifying the reader.
October 21, 2018 at 1:46 pm #47976Typically these Clas 3 reader (with pinpad) need local driver support.
You can try to play with
Device=CCID DisableSecurePIN=yes/no
However, I doubt this will change anything.CG
-
AuthorPosts
- You must be logged in to reply to this topic.