Connecting to Server 2012 R2 using HP ThinPro (freeRDP), but smart card is not reading correctly

smartcard, thin-client, windows-server-2012-r2

In preparation to deploy our new 2012R2 RD farm, we have updated our HP thin clients to ThinPro 5.0. They connect just fine using username/password, but when I try to use a smart card, I get the message:

Please use external device to unlock the smart card.

This message is quickly replaced with:

The PIN could not be verified. The credentials could not be verified.

I thought it was a certificate issue, but the correct certs are in the server. I can use the smart card to log into the 2012R2 farm from any other laptop or desktop, just not these thin clients.

ThinPro 5.0 uses freeRDP to make RDP connections. I have tried adding some arguments to the connection parameters, but nothing works. Has anyone else encountered a problem with smart cards in freeRDP like this?

Best Answer

There are a couple of great articles that can help you out here. This issue generally pertains to issues with trusting root CA certs that your thin clients and the RDS servers use.

Check the trusted root certificate store on the thin client and see if it has your root CA cert that issued the domain controller certs.

Possible page that walks you through updating the store for these thin clients:
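
The check described in this answer can be scripted with OpenSSL. The following is an added example, not part of the original answer and not HP's tooling. It assumes OpenSSL 1.1.0 or later and that the thin client's trusted roots are available as a PEM bundle; all certificate names, subjects and paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Every name, subject and path here is constructed for the demo.

# Print the issuer of CERT: this is the CA that must be in the client's store.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# Succeed only if CERT chains to a root inside STORE (a PEM bundle).
# -no-CApath stops OpenSSL from also consulting the machine's default
# directory of trusted roots, which would mask a root missing from STORE.
issuer_in_store() {  # usage: issuer_in_store CERT STORE
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Build a throwaway PKI in directory $1: the root that issued the
# "domain controller" certificate, plus an unrelated root.
make_demo_pki() {
    for ca in root other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Demo $ca CA" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.demo.example" \
        -keyout "$1/dc.key" -out "$1/dc.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/dc.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -out "$1/dc.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
cert_issuer "$demo/dc.pem"
for store in root other; do
    if issuer_in_store "$demo/dc.pem" "$demo/$store.pem"; then
        echo "store with $store CA: DC certificate is trusted"
    else
        echo "store with $store CA: issuing root is missing"
    fi
done
rm -rf "$demo"
```

Against real files, pass the exported domain controller certificate as the first argument to `issuer_in_store` and the thin client's root bundle as the second; a failure means the issuing root still has to be added to the client.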