10

I'm using Windows Server 2008 R2 which runs a VB6.0 application that uses a smartcard locally.

I then connect to this machine remotely using Remote Desktop Connection (6.3). However now the application shows the following error (SmartCard):

0x8010001d The Smart card resource manager is not running.

Research so far:

  • I don't want to use redirection as the card is on the remote machine already.
  • Using RDP the way I am trying to use it is wrong, and TightVNC is more appropriate (this does fix the issue).
  • Unsure - SCardEstablishContext API is returning that error because it gets an Access Denied error when trying to open an event called "Global\Microsoft Smart Card Resource Manager Started" with OpenEvent API. The default security for that event on Vista and Windows 7 specifies that only SYSTEM, LOCAL SERVICE and INTERACTIVE users have access to it. NETWORK SERVICE or non-interactive users won’t be able to access the event.

Why is the SmartCard not being recognised?

Any information would be appreciated.

NOTE: The smartcard works fine when the application is on Windows Server 2008 R2; it only fails when connecting remotely.

StackzOfZtuff
dan983
  • 3
    It sounds like it is purposely preventing access in order to stop a remote attacker from gaining access to whatever resources the smartcard is being used to protect. – Richard Schwartz Dec 04 '14 at 16:46
  • See http://blogs.technet.com/b/instan/archive/2011/03/27/why-can-t-i-see-my-local-smartcard-readers-when-i-connect-via-rdp.aspx – Michael Roland Dec 05 '14 at 10:29
  • 1
    The same problem with Windows 10 to Windows 10 via RDP. Locally it works. – Summer-Time Sep 06 '16 at 13:51
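
A diagnostic for the error in the question, as an added example that is not part of the original posts: it records whether the current session is a remote one, whether the Smart Card service is running, and what `SCardEstablishContext` returns. The `Diag.WinSCard` wrapper type and the output field names are made up for this sketch.

```powershell
# Added diagnostic sketch (not from the original posts).
# Run it once at the server console and once inside the RDP session,
# then compare the two result objects.
Add-Type -AssemblyName System.Windows.Forms

# P/Invoke wrapper for the two WinSCard calls used below (type name is hypothetical).
Add-Type -Namespace Diag -Name WinSCard -MemberDefinition @'
[DllImport("winscard.dll")]
public static extern int SCardEstablishContext(uint dwScope, IntPtr pvReserved1, IntPtr pvReserved2, out IntPtr phContext);

[DllImport("winscard.dll")]
public static extern int SCardReleaseContext(IntPtr hContext);
'@

function Test-SmartCardContext {
    $SCARD_SCOPE_SYSTEM = [uint32]2
    $ctx = [IntPtr]::Zero

    # Same API the question names; 0 means the resource manager answered.
    $rc  = [Diag.WinSCard]::SCardEstablishContext($SCARD_SCOPE_SYSTEM, [IntPtr]::Zero, [IntPtr]::Zero, [ref]$ctx)
    $hex = '0x{0:X8}' -f $rc
    if ($rc -eq 0) { [void][Diag.WinSCard]::SCardReleaseContext($ctx) }

    # Service state, so "service stopped" can be told apart from "service hidden from this session".
    $svc = Get-Service -Name SCardSvr -ErrorAction SilentlyContinue
    $svcStatus = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }

    $remote = [System.Windows.Forms.SystemInformation]::TerminalServerSession

    [pscustomobject]@{
        SessionName      = $env:SESSIONNAME   # e.g. Console or RDP-Tcp#0
        IsRemoteSession  = $remote
        ServiceStatus    = $svcStatus
        EstablishContext = $hex
        # The question's error code is 0x8010001D ("resource manager is not running").
        MatchesQuestion  = ($remote -and $svcStatus -eq 'Running' -and $hex -eq '0x8010001D')
    }
}

Test-SmartCardContext | Format-List
```

If `MatchesQuestion` is true, the service is running but is not reachable from the remote session, which is the situation the question reports rather than a stopped service.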

3 Answers

1

Use VNC instead of RDP

TLDR: Use VNC as a Windows Service

If you insist on using RDP, then you'll have to patch your RDP DLLs. If you don't want to do this, then instead use ANY OTHER PROTOCOL other than RDP. If it's a VMware VM, then just use the vCenter console. If it's an Azure VM where you don't GET a console, then just install VNC server software on the server that has the Smart Cards and then access it from somewhere else via a VNC client. "TightVNC" (https://community.chocolatey.org/packages/tightvnc) worked nicely for me.

There are two ways to run TightVNC server:

  • TightVNC Server (Service Mode) -- Connecting with VNC-client will take you to the Windows logon screen.
  • TightVNC Server (Application Mode)

You will need to run TightVNC as a Windows Service. Then you will start a NEW session. Otherwise you'll just be on top of the existing RDP session and still not see remote Smart Cards.

Long Version

If you RDP into a remote server, then that remote server's Smart Cards will be hidden. That behavior is baked into RDP and it is BY DESIGN.

You can optionally take your LOCAL Smart Cards along into the RDP session. (Via mstsc.exe's "Local Resources" tab and then checking "Smart cards".) But these are the Smart Cards connected LOCALLY to your laptop. And NOT the Smart Cards connected to the remote server.

So if you use RDP, then you have the option to either see no Smart Cards at all (neither local, nor remote) or just see your LOCAL Smart Cards. To see the REMOTE Smart Cards is NOT possible via RDP.

This is by design inside RDP. And if you want to change it, then you have to manually patch some .DLL files. And somebody has actually done this. See this question here:

StackzOfZtuff
0

It is not possible: you can't use the locally plugged-in smartcard of the server you RDP into. As your session is redirected to the client, only the client's smartcard is accessible in the RDP session. Microsoft made it like this for security reasons. But there is a workaround, like sharing the device (smartcard reader, USB token, USB devices) using software or hardware: software examples (I only found paid solutions), see link, or hardware using a device server, but it doesn't work through WAN, only LAN.

Nassim B.
-1

Before you create your Remote Desktop session, click on "Show options". Under the "Local Resources" tab there is a "Local devices and resources" panel. Click the "More" button.

Click on "Smart Cards". Now complete the remote desktop session.

Warren Rox
  • 1
    This did not work for me - both local and remote machines were running Windows 10 – Dave M May 21 '20 at 11:20
  • 3
    This would work if the smart card were on the local machine that the user is sitting at. But OP was asking about the case where the smart card is on the remote machine. This does not address the question. – mrtumnus Jun 11 '21 at 14:24