Possible causes are:
- "Enable Network Level Authentication" option is enabled in SPS
- On the target server "Allow connections only from computers running Remote Desktop with Network Level Authentication" is selected
- The RDP channel policy in SPS isn't configured correctly and/or isn't assigned to the right connection policy
To resolve the issue:
- Uncheck "Enable Network Level Authentication" in SPS
- Deselect "Allow connections only from computers running Remote Desktop with Network Level Authentication" on the target server
- Set up the RDP channel policy in SPS with the following:
  - Configure "Redirects", which is necessary to use smart cards ("SCard redirect").
  - Redirects: Enables access to every device redirection available in RDP, like file-sharing, printer sharing, device (for example, CD-ROM) sharing, and so on.
  - To enable only the Smart Card type of redirection, use the following channel:
    - SCard redirect: Enables access to shared SCard devices.
  - NOTE: Because of the way RDP handles device redirection, these channels cannot work unless the Sound channel type is also enabled. If you enable one of the specific types of redirection (for example, Serial, Parallel, Printer, Disk, SCard or Custom redirect), ensure that you also enable the Sound channel.
  - More information can be found in the Administration Guide topic "Supported RDP channel types":
    https://support.oneidentity.com/technical-documents/one-identity-safeguard-for-privileged-sessions/6.10.0/administration-guide/61#TOPIC-1629360
- Some earlier SPS versions also need the channel policy to include "Dynamic virtual channel" for smart card redirection to work. In those cases it must be explicitly added to the "Permitted channels" under the Dynamic virtual channels channel policy. If the SCard redirect doesn't work by itself, try configuring and using this channel type in your policy as well.
- The properly configured RDP Channel Policy must be assigned to the right RDP Connection Policy.