cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Highlighted
Level 7

Dameware MRC slow smart card authentication

Hi,

I'm using Dameware Mini Remote Control 12.1.0.64.

Problem:

When connecting to a remote computer with MRC and I use the authentication type "Smartcard" it takes around 20-25 seconds every time until I'm connected and see the remote desktop.

When I use the authentication type "encrypted windows authentication" it takes only a second until I see the remote desktop.

Setup:

- Dameware with a central license server (MRC-Viewer with DMRC-Mirror driver)

- only LAN usage (+ certificates from an internal PKI so CRL checking delay shouldn't be an issue)

- smartcard: Nitrokey Storage 2 (which uses the "OpenPGP Card v3")...but the issue probably applys to all smartcards (also tested with the tpm virtual smartcard (tpmvscmgr), also takes ~20 seconds to authenticate)

- smartcard minidriver: OpenSC 0.20 (probably not the issue as mentioned above)

- Windows 10 Pro 1903 64-Bit

Every time I connect to a client with the smartcard authentication type an error is generated in the eventlog of the remote client:

error in xml format:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

  <Provider Name="Microsoft-Windows-Smartcard-Server" Guid="{4FCBF664-A33A-4652-B436-9D558983D955}" EventSourceName="SCardSvr" />

  <EventID Qualifiers="0">610</EventID>

  <Version>0</Version>

  <Level>2</Level>

  <Task>0</Task>

  <Opcode>0</Opcode>

  <Keywords>0x80000000000000</Keywords>

  <TimeCreated SystemTime="2020-01-16T08:40:11.674287300Z" />

  <EventRecordID>2698</EventRecordID>

  <Correlation />

  <Execution ProcessID="0" ThreadID="0" />

  <Channel>System</Channel>

  <Computer>somemachine</Computer>

  <Security />

</System>

<EventData>

  <Data Name="Message">Unzulässige Funktion.</Data>

  <Data Name="Reader">DameWare DameWare SmartCard Reader 0</Data>

  <Data Name="IOCTL">0x313520</Data>

  <Data Name="CommandHeader">XX XX XX XX</Data>

  </EventData>

</Event>

error in plain text:

Smartcard-Lesegerät "DameWare DameWare SmartCard Reader 0" verweigerte IOCTL 0x313520: Unzulässige Funktion.. Wenn dieser Fehler weiterhin besteht, werden die Smartcard oder das Lesegerät möglicherweise nicht richtig ausgeführt.

Befehlskopf: XX XX XX XX.

Event-ID: 610

Using the SolarWinds Diagnostics tool I exported the DWRCS.log.

sometimes I get (authentication doesn't work at all, timeout):

2020-01-16 09:28:45,415 ClientThreadRun@892 ERROR [Service] LogSystemErrorMsg - 0000000003496750

2020-01-16 09:29:02,136 main@2256 INFO  [DWRCS] ************************** DWRCS version is: 12.1.0.64 **************************

2020-01-16 09:29:18,297  ERROR [SmartCardThread] SC_AuthenticationLogonThread - Smart Card Service (SCardSvr) Not Running [6.4.0.1]

2020-01-16 09:29:18,297  ERROR [Service] LogSystemErrorMsg - 000000000489DF00

2020-01-16 09:31:23,570 ClientThreadRun@2312 ERROR [Client_Thread] Terminating Smart Card authentication thread due to long waiting.

sometimes I get (in this case it works but I have to wait ~25 seconds to authenticate):

2020-01-16 09:35:47,874 ClientThreadRun@4552 ERROR [ServerSmartCard.] CServer::SC_IsDriverInstalled; Can't enumerate devices.

2020-01-16 09:35:51,828  ERROR [SmartCardThread] SC_AuthenticationLogonThread - Smart Card Service (SCardSvr) Not Running [6.4.0.1]

2020-01-16 09:35:51,828  ERROR [Service] LogSystemErrorMsg - 00000000057DDF00

2020-01-16 09:36:13,579 main@6588 INFO  [DWRCS] ************************** DWRCS version is: 12.1.0.64 **************************

2020-01-16 09:36:13,610  ERROR [Service] Service::SelectHDESK; CloseDesktop failed.

2020-01-16 09:36:13,626 MirrorThread DDIThread@7512 ERROR [ServerMirror] Failed to initialize frame capture.Err = 0x 80070005

2020-01-16 09:36:13,626 MirrorThread DDIThread@7512 ERROR [Service] Service::SelectHDESK; CloseDesktop failed.

2020-01-16 09:36:19,017 SmartCardThread@7932 ERROR [SmartCardThread] SmartCardThread; GetOverlappedResult returned false. code = 996

Logging in locally into Windows works reasonable fast (~5 seconds).

My prefered method would be using the authentication type "encrypted windows authentication" and pass the locally connected smartcard through to the remote computer (which isn't possible? menu strip -> send -> "send smart card login" is greyed out when using "encrypted windows authentication").

Has anyone any ideas on how to speed the smartcard authentication process up or how to troubleshoot my issue?

Any help is appreciated.

0 Kudos