Weird behavior when connecting from Windows clients

Hi,

I have the following setup:

  • Licensed VH Server running on RPi with SafeNet USB token attached
  • VH Windows Production machine (PROD) running VH Client as a service
  • VH Windows Development machine (DEV) running VH Client as a service

Now on the DEV machine, where I click "Use this device", there are no problems detecting the token.

When I stop using the device on DEV and I click "Use this device" on PROD, then on the PROD machine I'm unable to detect the token. So I was investigating it and assumed that this is a problem of the SafeNet software.

While investigating I encountered weird, to me, behavior. When I stop using the device on PROD and click "Use this device" on DEV, then on PROD I'm seeing "In Use by SYSTEM on PROD". And now I can detect the token properly on PROD, even if the device is not even used there. Is this expected behavior that I can use the device on PROD when it's in use on DEV?

I'm using certutil.exe -scinfo to test the connectivity of the token.

#2

The token can only be used at one place at a time; it can't be used simultaneously.

When you stop using on the DEV client, then open PROD, you can then right click on the Token there and select Use. That's how it's meant to work.

Run the clients normally (not as a service) and see if there is a popup error message when you try to switch machines.

Also, I want to mention that if you have "Auto-Use"d the device on a particular client then it will grab the device automatically after 3 seconds. So it could be an issue here if you have that setting on. (Right click on the device and see if any of the Auto-Use settings are checked.)

#3

The token can only be used at one place at a time; it can't be used simultaneously.

I think the question is: does VirtualHere disable the access to the device when it's "In Use" (as reported by the client GUI) on the other machine? Or is that "In Use" just an indication, but the device is still accessible on both machines? I would expect the former but I experience the latter in this case.

Auto-Use is not an issue, it's disabled. I clearly see in the client GUI running on the PROD machine that the device is "In Use" on the DEV machine, yet I can use the device on the PROD machine without marking it "In Use" locally.

#4

The device is never accessible on both machines simultaneously.

VirtualHere never confuses what client has a device in use. Perhaps certutil.exe is caching the certificate, or if you try to use it, it won't actually work.

Download usbtreeview from https://www.uwe-sieber.de/usbtreeview_e.html and then watch the dongle appear/disappear from the VirtualHere USB 3 Host Controller as you use and stop using. That is the definitive way to see exactly when it's connected.

#5

Thanks for the help and for that USB debug tool. In fact this problem has nothing to do with VirtualHere and the software behaves as expected.

The behavior I observed turned out to be related to Windows RDP and its feature that smart card reading is forwarded when connected through RDP. I was connecting to the PROD machine over RDP from the DEV machine, and therefore token reading was never done by reading from the USB of PROD but was redirected to the RDP client machine (DEV), where the token was connected using VirtualHere.
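
The cause described in post #5 can be checked before trusting a smart card test. The sketch below is an added example, not part of the thread or of VirtualHere. It decides whether a query made in the current session reflects the local machine's readers or those of the RDP client. It assumes the session name comes from the Windows `SESSIONNAME` environment variable (`Console` locally, `RDP-Tcp#N` over RDP) and that the connection used a `.rdp` file whose `redirectsmartcards` setting defaults to enabled; the function names and sample files are hypothetical.

```python
import codecs

def parse_rdp_settings(raw: bytes) -> dict:
    """Parse the 'name:type:value' lines of a .rdp file into {name: value}."""
    # Assumption: .rdp files saved by mstsc are commonly UTF-16 with a BOM;
    # hand-edited ones are often UTF-8. Both are accepted here.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':' (host:port)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2].strip()
    return settings

def smartcard_redirected(settings: dict) -> bool:
    # redirectsmartcards is on by default, so a missing line still means "redirected".
    return settings.get("redirectsmartcards", "1") != "0"

def token_source(session_name: str, settings: dict) -> str:
    """Say which machine's readers a smart card query in this session reflects."""
    in_rdp = (session_name or "").upper().startswith("RDP-")
    if not in_rdp:
        return "local"            # console session: readers attached to this machine
    if smartcard_redirected(settings):
        return "rdp-client"       # readers of the machine running the RDP client
    return "not-redirected"       # RDP session, client readers not forwarded

# Constructed sample inputs (not taken from the thread).
SAMPLE_DEFAULT = "full address:s:prod.example:3389\r\naudiomode:i:0\r\n".encode("utf-16")
SAMPLE_DISABLED = b"full address:s:prod.example:3389\nredirectsmartcards:i:0\n"

if __name__ == "__main__":
    import os
    session = os.environ.get("SESSIONNAME", "Console")
    for name, raw in (("default", SAMPLE_DEFAULT), ("disabled", SAMPLE_DISABLED)):
        print(name, "->", token_source(session, parse_rdp_settings(raw)))
```

A result of `rdp-client` means a check such as `certutil.exe -scinfo` run in that session reports the token as seen by the connecting machine, which matches what was observed on PROD.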

#6

Interesting, thanks for the info...