
SmartCard Minidriver

Hello,

I am working on deploying smartcards and I can't seem to find a way to include the Gemalto mini driver in KACE. I can't find the driver in my catalog search, and I enabled recommended updates.
I also tried to go the DISM route, which would be easy if the command worked.

DISM.exe /Online /Add-Package /PackagePath:"path to cab" gives me error: 2. Looking through the DISM log, it looks like it's not able to open the file. The file is not corrupt, as I can open it and extract everything out of it. I made sure the file is not blocked and tried to run it from multiple locations (network, C:\, profile, etc.).

I'd rather make it work through DISM, since it'll be so easy to script; waiting for patch cycles doesn't make sense. But any way I can get it out, I'll take it.

2 Comments
  • OK, so I found a way around it using pnputil and I was able to load drivers. I know they're loaded because if I show hidden devices in Device Manager I see the Gemalto card. I am still not able to RDP using the cards. I get the same error that I don't have drivers. If I open a console and do USB pass-through to my smart card, it recognizes the drivers and I am able to log in. After that one time going through the console I am able to RDP into that system using smart cards. It's like it needs to be physically plugged into the server the first time for it to associate the driver with the right device. I'm wondering if pnputil is responsible for that behavior and I should load the drivers some other way.
    I did try rebooting and it didn't help. - aemalas 6 years ago
  • For those that ran themselves into this corner by using KACE for patching: this is how I was able to resolve this. The issue was due to the way pnputil was installing drivers (it worked as pnputil is designed, just not how I needed it). Using rundll32.exe is what allowed me to script it.
    RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 %path to .inf%
    After running this I can use smartcards for RDP authentication. No more driver errors. - aemalas 6 years ago
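
One way to check what the scripted install in the comments above left behind on the RDP target, as an added example that is not part of the original thread: Windows records card minidrivers under the Calais\SmartCards registry key, where the value 80000001 names the minidriver DLL. The '*Gemalto*' name filter and the function name Get-MinidriverRegistration are assumptions.

```powershell
# Added example, not from the thread. Run in 64-bit PowerShell on the RDP target.
param(
    # Assumption: the card's registry subkey name contains "Gemalto".
    [string]$NamePattern = '*Gemalto*'
)

function Get-MinidriverRegistration {
    param([string]$Pattern)

    # Native and 32-bit views of the smart card database, each paired with
    # the directory a bare DLL file name is resolved against in that view.
    $views = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
           Dir = (Join-Path $env:windir 'System32') },
        @{ Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Calais\SmartCards'
           Dir = (Join-Path $env:windir 'SysWOW64') }
    )

    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Key)) { continue }
        $cards = Get-ChildItem -LiteralPath $view.Key |
            Where-Object { $_.PSChildName -like $Pattern }
        foreach ($card in $cards) {
            # Value 80000001 names the minidriver DLL for this card entry.
            $dll = $card.GetValue('80000001')
            $atr = $card.GetValue('ATR')
            $dllPath = $dll
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) { $dllPath = Join-Path $view.Dir $dll }
            [pscustomobject]@{
                Card       = $card.PSChildName
                View       = $view.Key
                Provider   = $card.GetValue('Crypto Provider')
                ATR        = if ($atr) { [BitConverter]::ToString($atr) } else { $null }
                Minidriver = $dll
                DllPresent = [bool]($dllPath -and (Test-Path -LiteralPath $dllPath))
            }
        }
    }
}

$found = @(Get-MinidriverRegistration -Pattern $NamePattern)
if ($found.Count -eq 0) {
    Write-Warning "No smart card entry matching '$NamePattern' is registered."
    exit 1
}
$found | Format-List
# Non-zero exit when an entry points at a DLL that is not on disk.
if ($found | Where-Object { -not $_.DllPresent }) { exit 2 }
```

The exit codes (1 for no matching entry, 2 for a missing DLL) let a deployment tool flag machines where the driver registration did not land.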

Answers (1)

Posted by: Pressanykey 6 years ago
Red Belt
0
Hi,
PNP Util is doing what it is supposed to... Plug and Play... Until the device is actually recognised as being "attached" to the computer, the drivers will not be loaded. You have confirmed the correct behaviour already, because as you state, when you connect the hardware physically to the server the device drivers are loaded. Sometimes just "passing through" the hardware just does not work.
Are the drivers / hardware certified for RDP? Have you considered (I presume it is USB hardware) a USB server (special "boxes" that present USB devices in the network)?
Just my tuppence

Cheers
Phil

Comments:
  • Yes, they are just USB devices. The driver is RDP compatible and is in the Windows catalog. Whatever promise that means. Once I run pnputil and then connect it directly, I am able to use RDP pass-through. It's just that the first time it has to be direct attached. To me it seems that these cards are recognized as something else the first time, and once they're plugged in directly one time they get seen as Gemalto cards.
    How can I find that driver in KACE and deploy it with the rest of the patches? It should be available as a patch. I know I can find them in WSUS.
    These are the drivers:
    https://www.catalog.update.microsoft.com/Search.aspx?q=gemalto - aemalas 6 years ago
    • If the Product / Driver is RDP certified, then the vendor *should* provide installation documentation... - Pressanykey 6 years ago
      • Vendor is Microsoft. They did by packaging it in Windows updates. We're using KACE for patching, so I'd expect there is a way to roll them out using KACE as the patching mechanism - aemalas 6 years ago
  • I don't think a USB server would work in this scenario. Each user will have a smart card with a cert on it, and it will be used to authenticate them on to their computer. Admins will use certs to auth themselves to servers through RDP. A USB server simply makes USB devices connect to the network, at least that's my understanding of them. - aemalas 6 years ago
 