Hi,
I'm using Dameware Mini Remote Control 12.1.0.64.
Problem:
When connecting to a remote computer with MRC and I use the authentication type "Smartcard" it takes around 20-25 seconds every time until I'm connected and see the remote desktop.
When I use the authentication type "encrypted windows authentication" it takes only a second until I see the remote desktop.
Setup:
- Dameware with a central license server (MRC-Viewer with DMRC-Mirror driver)
- only LAN usage (+ certificates from an internal PKI so CRL checking delay shouldn't be an issue)
- smartcard: Nitrokey Storage 2 (which uses the "OpenPGP Card v3")...but the issue probably applys to all smartcards (also tested with the tpm virtual smartcard (tpmvscmgr), also takes ~20 seconds to authenticate)
- smartcard minidriver: OpenSC 0.20 (probably not the issue as mentioned above)
- Windows 10 Pro 1903 64-Bit
Every time I connect to a client with the smartcard authentication type an error is generated in the eventlog of the remote client:
error in xml format:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Smartcard-Server" Guid="{4FCBF664-A33A-4652-B436-9D558983D955}" EventSourceName="SCardSvr" />
<EventID Qualifiers="0">610</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-01-16T08:40:11.674287300Z" />
<EventRecordID>2698</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>somemachine</Computer>
<Security />
</System>
<EventData>
<Data Name="Message">Unzulässige Funktion.</Data>
<Data Name="Reader">DameWare DameWare SmartCard Reader 0</Data>
<Data Name="IOCTL">0x313520</Data>
<Data Name="CommandHeader">XX XX XX XX</Data>
</EventData>
</Event>
error in plain text:
Smartcard-Lesegerät "DameWare DameWare SmartCard Reader 0" verweigerte IOCTL 0x313520: Unzulässige Funktion.. Wenn dieser Fehler weiterhin besteht, werden die Smartcard oder das Lesegerät möglicherweise nicht richtig ausgeführt.
Befehlskopf: XX XX XX XX.
Event-ID: 610
Using the SolarWinds Diagnostics tool I exported the DWRCS.log.
sometimes I get (authentication doesn't work at all, timeout):
2020-01-16 09:28:45,415 ClientThreadRun@892 ERROR [Service] LogSystemErrorMsg - 0000000003496750
2020-01-16 09:29:02,136 main@2256 INFO [DWRCS] ************************** DWRCS version is: 12.1.0.64 **************************
2020-01-16 09:29:18,297 ERROR [SmartCardThread] SC_AuthenticationLogonThread - Smart Card Service (SCardSvr) Not Running [6.4.0.1]
2020-01-16 09:29:18,297 ERROR [Service] LogSystemErrorMsg - 000000000489DF00
2020-01-16 09:31:23,570 ClientThreadRun@2312 ERROR [Client_Thread] Terminating Smart Card authentication thread due to long waiting.
sometimes I get (in this case it works but I have to wait ~25 seconds to authenticate):
2020-01-16 09:35:47,874 ClientThreadRun@4552 ERROR [ServerSmartCard.] CServer::SC_IsDriverInstalled; Can't enumerate devices.
2020-01-16 09:35:51,828 ERROR [SmartCardThread] SC_AuthenticationLogonThread - Smart Card Service (SCardSvr) Not Running [6.4.0.1]
2020-01-16 09:35:51,828 ERROR [Service] LogSystemErrorMsg - 00000000057DDF00
2020-01-16 09:36:13,579 main@6588 INFO [DWRCS] ************************** DWRCS version is: 12.1.0.64 **************************
2020-01-16 09:36:13,610 ERROR [Service] Service::SelectHDESK; CloseDesktop failed.
2020-01-16 09:36:13,626 MirrorThread DDIThread@7512 ERROR [ServerMirror] Failed to initialize frame capture.Err = 0x 80070005
2020-01-16 09:36:13,626 MirrorThread DDIThread@7512 ERROR [Service] Service::SelectHDESK; CloseDesktop failed.
2020-01-16 09:36:19,017 SmartCardThread@7932 ERROR [SmartCardThread] SmartCardThread; GetOverlappedResult returned false. code = 996
Logging in locally into Windows works reasonable fast (~5 seconds).
My prefered method would be using the authentication type "encrypted windows authentication" and pass the locally connected smartcard through to the remote computer (which isn't possible? menu strip -> send -> "send smart card login" is greyed out when using "encrypted windows authentication").
Has anyone any ideas on how to speed the smartcard authentication process up or how to troubleshoot my issue?
Any help is appreciated.