It seems I do spend a fair bit of time with smartcards lately, but I have some other interesting posts planned as well. Anyway, this is kind of a heads up to an interesting issue with Vista.
We changed some of the way things work ( for the better ) in Vista. You may have noticed that scredir.dll no longer exists in Vista - much of that code was moved into Winscard.dll. We also changed the way we call the CSP previously ( see http://blogs.msdn.com/spatdsg/archive/2006/10/06/Smartcards-and-cached-logons_2E002E002E00_.aspx ) we called from LSASS into winlogon.exe but we no longer do this in Vista - we go straight to the CSP.
Anyway - this post is marginally related to my other post Smartcard logon over Terminal Services ( RDP redirection )
Remember that the "server" will call back to the client via the RDP protocol ( virtual channel ) and MSTSC.EXE loads winscard.dll on the client in order to process these IO requests. Well in this case the calls never made it up to that level of the code. In fact, they died in the RDP client.
If you have a CSP which calls SCardUIDlgSelectCardW, it may fail due to this issue. The RDP session is initaited from Vista...
Vista --> Vista : works OL
Vista --> XP: FAILURE
XP--> XP: works OK
XP--> Vista : works OK
Error on XP:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Time: 12:32:26 PM
User: NT AUTHORITY\SYSTEM
Reason: An error occurred during logon
Logon Type: 10
Logon Process: User32
Authentication Package: Kerberos
Workstation Name: XPDEBUG
Status code: 0xC000006D à STATUS_LOGON_FAILURE
Substatus code: 0xC0000321 -> STATUS_SMARTCARD_SUBSYSTEM_FAILURE
Anyway - I hate leaving people in the dark with issues they may assume are due to the ISV's software .. so, even tho no fix is out yet... I have this FYI.
Fix is pending.. but again, if the behavior isnt changed, dont shoot the messenger.
[added on July 10,2007 ]Whooo hooo! It was fixed -public KB article is coming but if you need the fix now ask for the fix for article 939682