
Certain smartcard readers cannot initiate Single Sign-on (SSO) with Horizon Agent 8.4 and later. An "Is the card Inserted?" prompt may appear. Manual entry of username and password is required to complete login.

Log entries in the Agent logs will be similar to:

2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] CNGValidateCertFromCard: Unable to open storage provider 'Net iD - CSP'. (null), Error code is 0xc0000225. Is the card inserted?
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] FindSmartCardCertificate: Did not find a valid card. Check readers that reported that it has no card.
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] FindSmartCardCertificate: Reader '<VendorName> SmartCard 0' is reporting that it has no card present (dwCurrentState=0x00000012). We are checking it anyway.
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] CNGValidateCertFromCard: Unable to open storage provider 'Net iD - CSP'. (null), Error code is 0xc0000225. Is the card inserted?
Starting from Horizon 2111 (8.4), Horizon Agent adopts the Microsoft NextGen Cryptography API (CNG) by default. If the smartcard is an older model, or if its driver is not up-to-date, the smartcard reader can only support the legacy Microsoft CryptoAPI. As a result, if CNG is used for SSO, Smartcard Authentication will fail, and SSO will not be successful.
Please reach out to your signature device vendor to upgrade the drivers to Cryptography API: Next Generation (CNG). Cryptography API: Next Generation (CNG) is the long-term replacement for the CryptoAPI. For more information, see Cryptography API: Next Generation (CNG).

VMware Horizon Agent will continue supporting CryptoAPI for the time being, as long as Microsoft continues to support CryptoAPI. It will exist as a fallback feature.

Procedure to activate the fallback feature in Horizon Agent:

1. Open the Registry editor after taking an appropriate backup.
2. Navigate to the following path: HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Agent\Configuration
3. Create a REG_SZ (String Value) entry and set its value to true: UseCryptoAPI = True

After creating this fallback, you should see success messages within the Horizon Log similar to:

2023-01-26T10:43:14.604+01:00 TRACE (05FC-19D4) <OfflineChannel> [LogonUI] FindSmartCardCertificate: GetCardNameAndCSPFromReader finished.
2023-01-26T10:43:14.604+01:00 TRACE (05FC-19D4) <OfflineChannel> [LogonUI] CryptoValidateCertFromCard: Calling CryptAcquireContext.
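To check an agent log for the two signatures quoted in this article, the following Python sketch groups LogonUI lines by the parenthesised id pair and labels each group as a CNG provider failure or as the CryptoAPI fallback path. It is an added example, not VMware code: the sample lines are constructed from the excerpts above, and the function name, status labels and the use of the id pair as a grouping key are assumptions.

```python
import re

# Constructed sample, modelled on the two log excerpts quoted in this article.
SAMPLE_LOG = """\
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] CNGValidateCertFromCard: Unable to open storage provider 'Net iD - CSP'. (null), Error code is 0xc0000225. Is the card inserted?
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] FindSmartCardCertificate: Did not find a valid card. Check readers that reported that it has no card.
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] FindSmartCardCertificate: Reader '<VendorName> SmartCard 0' is reporting that it has no card present (dwCurrentState=0x00000012). We are checking it anyway.
2022-01-06T09:53:06.988+01:00 DEBUG (1418-17D8) <OfflineChannel> [LogonUI] CNGValidateCertFromCard: Unable to open storage provider 'Net iD - CSP'. (null), Error code is 0xc0000225. Is the card inserted?
2023-01-26T10:43:14.604+01:00 TRACE (05FC-19D4) <OfflineChannel> [LogonUI] FindSmartCardCertificate: GetCardNameAndCSPFromReader finished.
2023-01-26T10:43:14.604+01:00 TRACE (05FC-19D4) <OfflineChannel> [LogonUI] CryptoValidateCertFromCard: Calling CryptAcquireContext.
"""

# Line layout: timestamp LEVEL (id-id) <channel> [component] Function: message
LINE_RE = re.compile(
    r"^(?P<ts>\S+) +(?P<level>[A-Z]+) +\((?P<ids>[0-9A-Fa-f]+-[0-9A-Fa-f]+)\) +"
    r"<[^>]*> +\[(?P<component>[^\]]+)\] +(?P<func>\w+): *(?P<msg>.*)$"
)
# CNG failure signature: provider name plus the reported error code
# (0xc0000225 is the NTSTATUS value STATUS_NOT_FOUND).
CNG_FAIL_RE = re.compile(
    r"Unable to open storage provider '(?P<provider>[^']*)'.*Error code is (?P<code>0x[0-9A-Fa-f]+)"
)

def classify(log_text):
    """Label each (id-id) group of LogonUI lines by the crypto path it shows."""
    groups = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None or m["component"] != "LogonUI":
            continue  # blank lines, wrapped lines, other components
        g = groups.setdefault(m["ids"], {
            "status": "no_signature", "first_seen": m["ts"],
            "providers": set(), "codes": set(), "cng_failures": 0})
        fail = CNG_FAIL_RE.search(m["msg"])
        if m["func"] == "CNGValidateCertFromCard" and fail:
            g["status"] = "cng_provider_open_failed"
            g["providers"].add(fail["provider"])
            g["codes"].add(fail["code"].lower())
            g["cng_failures"] += 1
        elif m["func"] == "CryptoValidateCertFromCard" and "CryptAcquireContext" in m["msg"]:
            g["status"] = "cryptoapi_fallback_in_use"
    return groups

if __name__ == "__main__":
    for ids, g in classify(SAMPLE_LOG).items():
        print(ids, g["status"], g["first_seen"], sorted(g["providers"]), sorted(g["codes"]))
```

Groups labelled cryptoapi_fallback_in_use identify agents still on the legacy path, which is useful for tracking which desktops need a vendor driver update before the fallback can be removed.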
This is a child article of: Known Issues with Smartcard Authentication and Horizon View (90349)