Forum Replies Created
-
Posts
-
Jamian in Dell Engineering had previously escalated this after my postings here, and confirmed it was unlikely either Dell nor Microsoft are going to do anything to remedy this. The mitigation is finally being patched/expiring on Aug 9 2022 next week per that microsoft kb i posted last year, above.
Jaiman had suggested trying Win Server 2022 to see if that would remedy the problem, but alas, after building one out, it does not. Still works fine with username & password, just not with Yubikey smartcard.
Any other suggestions to keep using smartcards with RDP here would be very appreciated. : )
Wons – the solution is – wrong merlin image. The error of course doesn’t tell you this. I had previously been told that you can use the same image for both 3040’s that are PCoIP capable and ones that are not *even if you never use PCoIP*. So you must flash with image that is specifically for 3040’s that come from the factory able to use PCoIP (as evidenced by label on bottom), or not, depending on which 3040 model you purchased.
Curious whether this behavior will persist with whatever supercedes the 3040 as I hear they are EOL in January 2022.
Thanks for your suggestion. : )
Well looks like having secure boot on was the culprit for getting to 9.1.3129 via Merlin. Other q about the mitigation status still stands though. : )
However, the problem with the smart cards still exists on 9.1.3129 w/ WMS 3.3.1. I do not see 3.3.276 on the Dell web site for WMS though so can’t try that.
Thanks! (though your suggestion for remedying the potential smartcard problem with 9.x and WMS doesn’t answer the question re: 8.x clients without WMS and the Microsoft mitigation. Been trying to see if Jamian here in Austin can find out anything about this as well).
Re: flashing 3040 to 9.1.3129 – suppose i have a client that’s on 9.1.2101. Can I just use the merlin image of 9.1.3129 to reimage it? I’ve already imaged multiple USB sticks successfully, and none of them are recognized at boot. The merlin image for 9.1.2101 worked fine. Already on latest bios (though 3040 bios hasn’t had an update for a while anyhow).
Thanks again : )
jqm & anyone else: – Have you heard anything new on this? Your post really saved us and let us get all our 8.6 production clients back up and running! But so far we have heard nothing else from Dell on what the ultimate long term solution is here. Ergo, what I asked Dell:
– Do we just need everyone on wms 3.1x and/or ThinOS 9.x?
– Do we need to flash something? (thought there hasn’t been a new bios for the 3040 for a while, firmware is current on test thin client).
– Do we need to buy all new hardware? (ouch) I hear Dell is coming out with a replacement for the 3040 in another few months.And most worrying is the mitgation won’t work after Feb.8.
Currently we’re also having trouble getting smart cards to work with our dev wms 3.3.1 server; refuses to allow smartcard login, says “unknown username or password” – yet allows login with regular username and password with no problem.
Nothing on the WMS server. I also spoke with my supervisor about our domain firewall policy as well; nothing should be blocked inside the ntework, but to guarantee nothing is blocked for purposes of this test, I moved it to a troubleshooting OU where there is no enforced firewall policy at all. Same problem.
Thanks!
Turning off unencrypted password: still does not work.
Admit I know very little about MQTT. If it helps, this is an on-premises WMS with no internet access. I tried looking for MQTT settings on WMS, but the only reference I find in the manual points to
Portal Administration -> System -> Setup
and in my 3.2 console there, there is no sign of the ‘WMS URLs’ section – if that is relevant.
On WMS it was set to ‘none’ already; switched to ‘low’, saved, rebooted client, same problem. But even if that had fixed it, surely that wouldn’t affect remotely restarting from WMS?
wms 3.2 security settings –
thanks for the help! So, confirmed
Adminmode=no ShowAdmin=no
While admin options from Admin mode (where the dock is shown on the left side of the screen, along with sysinfo and shutdown) are prevented this way, the user is still able to select ‘admin mode’ at the login prompt. Is there a way to prevent that from happening? I saw that I can do so by using a username & pw for ‘admin mode’ but we don’t want that stored in the .ini file.
Regarding smartcard removal, I’ve got it now so that removing the smartcard instantly locks the 3040 and disconnects the user from the session host, but it does not force a logoff. Seems like no matter what I set Autosignoff to (if that’s the correct parameter), it will not logoff the user on smartcard removal.
VDISmartcardLogin=yes
SignOn=Yes EnableOK=Yes DisableGuest=yes LockTerminal=no RequireSmartcard=yes SCRemovalBehavior=logoff Autosignoff=2Thanks again!
