- This topic has 22 replies, 6 voices, and was last updated 4 years, 6 months ago by
.
-
Posts
-
I am trying to get a HID Omnikey 3021 SmartCard Reader to redirect from a Wyse 5040 ThinOS 8.5_017 into a Win10 Citrix VDI. On a windows client I have to go to the Citrix Desktop Toolbar and switch it to Generic instead of Optimized to get it to work in the VDI. On the Wyse we are not presenting the Citrix Desktop Toolbar. Is there a way to force the device to redirect as Generic automatically? We have WMS and I enabled Smartcard redirection in policy, however I need to make it redirect as Generic.
If you enable Smartcard redirection, it is actually redirecting the PC/SC interface.
If you need the “full” device, you have to force the redirection by PID/VID.CG
I may have a similar issue, I need to force full device re-direction of a Gemalto CT710 pinpad card reader from a Wyse3040 client to XennDesktop. Whne using the “smartcards=yes” I am not getting the CT710 pinpad working on the card reader. Although the reader shows up in Citrix as I’d expect.
As a total beginner at this, when you say force re-direction by PID/VID, could you expand on this of give any instruction?
I’ve opened a ticket with Dell on this as I could not get it to work. 3rd level just contacted me and told me to do the forced redirect, which I had previously tried. I just tested again using WMS ForceRedirect=0x076b,0x3031,0x0b,0x00,0x00. I see the force redirect in the event log on the Wyse but the Smartcard and reader still do not show up in my Win10 Citrix desktop.
So,
After many many calls with Barclays:
1. Has the correct version of driver been installed on the client to support the pin pad readers?
2. Any client that have issues with new pin pad readers will need to asked their Thin Client vendor the following: “Do you support the use of a secure PIN entry smart card reader that adheres to the PCSC V2 part 10 standard?”
Then contact with Gemalto, the end result is they are not supported.
They advised thin clients running Windows Iot or the like are fine as will run the local driver, however it appears they have not got on their supported list the 3040 running ThinOS and are unable to help further with the integrated PinPad readers like the CT710.
The advice received is to use a non integrated pin pad reader (I.e. the CT30, or anotther brand that works).
using the CT30 or the Dell integrated keyboard version, or an OMNIKEY usb reader we are in and working.
The only downside, while they work and we can get in all services from BACS, Barclays etc if* we have issue in the future with these readers they are unable to support.
Pain in ass, but end result is we buy a few non pinpad readers and ‘throw away’ the Ct710’s until Gemalto certify and support them on ThinOS on the 3040 (or in fact pretty much any of the ThinOS devices).
Ps,
Saw you are using an omnikey… have you allowed the smart card class of device (0b) on your Citrix policies? We had to do that to get any of them working including the Omnikeys.
Using a standard reader we have our clients up and running on our 3040 ThinOS to XenDesktop 7.5 ltsr (Server 2012r2) environment with the server running the Gemalto e-signer IS 6.4 like a treat.
Thanks – yes I do have Allow: Class=0b # Smartcards in my Client USB device redirection rules policy and that and forcing it to connect generic were the keys to getting it working from a Windows client.
Dell is trying to close my ticket on this saying it is a Citrix issue. My head hurts! It’s got to be some combination of settings on the Wyse that I just haven’t hit yet. I do have the force redirect set as:
Device=vusb \
ForceRedirect=0x076b,0x3031,0x0b,0x00,0x00 ForceLocal=”” Type=HDX InterfaceRedirect=noHave you got smartcards=yes in your config?
if not try putting it in?
we use smartcards=yes and just for good measure this we left in:
Device=vusb ForceRedirect=0x0x08E6,0x0x3437,0x0x0b,0x0x00,0x0x00 InterfaceRedirect=yes
…and take out the forcelocal=‘’
Just noticed… you seem to have one less 0x on each of your strings…
worth a try to add them in?
I tried adding the extra 0x but then it didn’t show force redirect in the event log at all so I changed it back. I did notice on a Windows client the first B is capitalized and I know Linux is case sensitive so I changed it to upper but still a no go.
In the event log of the Wyse I see:
-the ForceRedirect Statement which looks good
-I launch my Citrix Desktop
-While my desktop is loading in the Wyse event log it says Redirect device 514 (PID 0x3031, VID: 0x076b)
-Then my desktop is loaded
-Wyse says Device 514 redirection released
When I log out of my Citrix desktop it says
Found HID Global OMNIKEY 3×21 Smart Card reader and then
Found ActiviIdentity crescendo card.
I do have smartcards=yes as well.
Hi cleik59,
Did you get any further with this? Having a similar issue with 3040 ThinOS and the Gemalto CT710.
Did you get an official response from Gemalto to say it isn’t supported yet on ThinOS?
I just resolved this this week by updating our 5040 AIO ThinOS to 8.5.020. With that my ThinOS policy for Smartcards = yes and Force Redirection with the VID/PID worked perfectly.
Yeah I’ve managed to get it pulling through now also.
Having issues with installing the classic client on server 2016 now though. Fun fun fun.
I have done the above and I can see the smartcard reader picking up the smartcard certificates etc but when I try to login to Barclays it still uses the pin pad on the screen and not the one on the card reader. If I use the one on the screen it comes up with private key not found. I am using a Gemalto Ezio Shield Pro SC. Did you actually get the reader to work with barclays using the pin pad on the reader?
- You must be logged in to reply to this topic.