After you set up smart card authentication for the first time, or when smart card authentication is not working correctly, you should verify your smart card authentication configuration.
- Verify that each client system has smart card middleware, a smart card with a valid certificate, and a smart card reader. For end users, verify that they have Horizon Client.
See the documentation provided by your smart card vendor for information on configuring smart card software and hardware.
- On each client system, select
to verify that certificates are available for smart card authentication.
When a user or administrator inserts a smart card into the smart card reader, Windows copies certificates from the smart card to the user's computer. Applications on the client system, including Horizon Client, can use these certificates.
- In the locked.properties file on the View Connection Server or security server host, verify that the useCertAuth property is set to true and is spelled correctly.
The locked.properties file is located in install_directory\VMware\VMware View\Server\sslgateway\conf. The useCertAuth property is commonly misspelled as userCertAuth.
- If you configured smart card authentication on a View Connection Server instance, check the smart card authentication setting in View Administrator.
You must restart the View Connection Server service for changes to smart card settings to take effect.
- Select .
- On the Connection Servers tab, select the View Connection Server instance and click Edit.
- If you configured smart card authentication for users, on the Authentication tab, verify that Smart card authentication for users is set to either Optional or Required.
- If you configured smart card authentication for administrators, on the Authentication tab, verify that Smart card authentication for administrators is set to either Optional or Required.
- If the domain a smart card user resides in is different from the domain your root certificate was issued from, verify that the user’s UPN is set to the SAN contained in the root certificate of the trusted CA.
The UPN appears in the User logon name text boxes on the Account tab.
- Find the SAN contained in the root certificate of the trusted CA by viewing the certificate properties.
- On your Active Directory server, select .
- Right-click the user in the Users folder and select Properties.
- If smart card users use the PCoIP display protocol to connect to remote desktops, verify that the View Agent PCoIP Smartcard subfeature is installed. The PCoIP Smartcard subfeature lets users authenticate with smart cards when they use the PCoIP display protocol.
Note: The PCoIP Smartcard subfeature is not supported on Windows Vista.
- Check the log files in drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs on the View Connection Server or security server host for messages stating that smart card authentication is enabled.