Windows Server - smart card CSP & drivers not present on this system message.

Asked By johndselp on 10-May-07 11:47 AM
Ok, so I've been to MS PKI training and have a good 3 tier system
planned.  I've gotten RSA tokens with smartcards built in to the
device, and they are nice.  But in my testing (not production), when I
put a smartcard logon cert on a smartcard I can log on fine, but if I
remote desktop I get the "the card supplied requires drivers that are
not present on this system, please try another card" message.  I know
it's CSP related, or at least I believe it is.  But I'm not sure what
to do about it.  How do I deploy the cert with the right CSP such that
Windows 2003 term serv will be happy with the RSA smart card logon?
Any ideas?




Can Balioglu replied on 11-May-07 04:14 AM
Hi again,

Smart card logon over Terminal Services is internally much different than
the local smart card logon process. It seems the drivers of your smartcard
reader conflict with the standard CSP drivers. More information is available
in Steve Patrick's blog
(http://blogs.msdn.com/spatdsg/archive/2006/10/16/smartcard-logon-over-terminal-services-rdp-redirection.aspx)

The problem is probably caused by your vendor's driver. (As an example,
ActivIdentity -
http://www.actividentity.com/support/kbase/cms/display_article.php?kbid=588)

Can Balioglu
can.balioglu at averina.com

Averina - Code Signing and IT Security Solutions
http://www.averina.com

johndselp replied on 11-May-07 08:57 AM
Yeah, I've read that blog already but the information doesn't really
help practical deployment.  I've come to the conclusion that when RSA
said the smart tokens were supported by Microsoft native CSPs that
they lied, or else were just dumb.  If I try to use an enrollment
agent, none of the built-in Microsoft CSPs will accept the card.
Looks like the only real option with the RSA devices may be to install
RSA software on every machine.  Super.