Thursday, July 12, 2012

Using Dell Smart Card Reader in VirtualBox guest via RDP

I've had a bunch of issues getting my VirtualBox guest machine to use the built-in Dell Latitude E6520 smart card reader. It seems to be a known issue with VBox, but basically the internal guest OS just doesn't see the device, or if it does, it can't use it. I've been working around the problem by purchasing an external USB smart card reader (SCM Microsystems SCR3310) to read my CAC.

My setup is as follows:

  • Host: Dell Latitude 6520 laptop running Windows 7 64-bit, 8GB RAM, dual-core/dual-thread Core i5 to provide 4 virtual processors. Using latest copy of VirtualBox.
  • Guest: Windows 2008 R2 Server, 4GB RAM, 3 processors.

I found a new trick that works. Instead of using the graphical console that VirtualBox gives me, I boot the VM into headless mode (using the command line), then use Remote Desktop Protocol to connect directly to the virtual machine. Note that I'm using the RDP service provided by Windows Server, NOT the RDP service provided by VirtualBox. That is, I RDP into the virtual machine and NOT to the RDP service offered on the host laptop that VBox intercepts. My exact steps were as follows.

  • Configure the VM with a Bridged network adapter so it gets a similar address on your local network as your laptop. This could also probably be done by adding a "local only" network adapter. I don't think it will work properly with a NAT network. (I sometimes run both a NAT and a Bridged adapter at the same time.)
  • Boot the Windows Server VM. Do NOT enable "Remote Display" in the display settings. You can either use the command line "VBoxHeadless -startvm my_vm" command, or just start it from the GUI and ignore the console.
  • Make sure RDP is enabled in your Windows Server. Use the Server Manager and/or initial configuration wizard to do it, or just go through the control panel.
  • Use CMD.exe with 'ipconfig' to make note of your IP address on the bridged network. (Example: 192.168.40.2)
  • From the host laptop, start an RDP session
    • Use host: 192.168.40.2 (or whatever the bridged address was)
    • On the Local Resources tab, use "More..." and turn on "Smart Cards" check box

When it connects, you should now have access to your Smart Card. Additionally, it will detect the insert/remove events if you re-insert it (another thing that it doesn't do, even when I have my external smart card reader attached).
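
The same steps as a script run from PowerShell on the Windows host. This is an added example, not part of the original post. It assumes the default VirtualBox install path, the VM name `my_vm` from the command above, a placeholder for the host adapter name, and Guest Additions in the guest for the automatic IP lookup.

```powershell
# Added example: the VM name, adapter name and paths are assumptions, adjust to your setup.
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'  # default install path (assumption)
$VmName     = 'my_vm'
$HostNic    = '<adapter name as printed by: VBoxManage list bridgedifs>'       # placeholder
$RdpFile    = Join-Path $env:TEMP "$VmName-smartcard.rdp"

# 1. Bridge adapter 1 so the guest gets an address on the local network.
#    The VM must be powered off for modifyvm to succeed.
& $VBoxManage modifyvm $VmName --nic1 bridged --bridgeadapter1 $HostNic

# 2. Keep VirtualBox's own "Remote Display" (VRDE) off, so the only RDP
#    endpoint is the one provided by Windows Server inside the guest.
& $VBoxManage modifyvm $VmName --vrde off

# 3. Boot without the graphical console.
& $VBoxManage startvm $VmName --type headless

# 4. Find the guest's bridged address. The guest property is only populated
#    when Guest Additions are installed; otherwise ask for the value that
#    'ipconfig' shows inside the VM. Net/0 is the first interface the guest
#    reports, which matches adapter 1 when it is the only adapter.
$GuestIp = $null
foreach ($attempt in 1..30) {
    $out = & $VBoxManage guestproperty get $VmName '/VirtualBox/GuestInfo/Net/0/V4/IP'
    if ("$out" -match 'Value:\s*(\d{1,3}(?:\.\d{1,3}){3})') {
        $GuestIp = $Matches[1]
        break
    }
    Start-Sleep -Seconds 5
}
if (-not $GuestIp) {
    $GuestIp = Read-Host 'Guest IP on the bridged network (from ipconfig in the VM)'
}

# 5. Write an .rdp file equivalent to ticking "Smart Cards" under
#    Local Resources > More... The last two lines are optional and not
#    from the post: they leave drive and printer redirection off so the
#    smart card is the only host device exposed to the guest.
@(
    "full address:s:$GuestIp"
    'redirectsmartcards:i:1'
    'drivestoredirect:s:'
    'redirectprinters:i:0'
) | Set-Content -Path $RdpFile -Encoding ASCII

# 6. Connect to the guest's own RDP service.
& mstsc.exe $RdpFile
```

RDP still has to be enabled inside the Windows Server guest beforehand, as described in the steps above.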

NOTE: In my case, I also had ActivClient installed on my Windows Server VM so that I could manipulate the smart card. I'm not sure if you need that or not.