Smart Card errors
I have a CAC smart card, and a SCM Microsystems SCR3310 USB card Reader. I'm running Windows 7 Ultimate with SP1.
This setup used to work just fine. When I would insert my CAC, my certificates would immediately propagate to the certificate store (as evidenced by Certificate Manager, certmgr.msc), and I could log on to websites that required a CAC for access.
Recently, I stopped being able to access the websites. Looking in Certificate Manager, I see that only one, or sometimes two, of my certificates are present. If I delete them and re-insert my card, a different certificate may appear.
I just returned and replaced the reader with the same model, so I know it is not the culprit.
I finally thought to look at the system log, and noticed the following errors upon smart card insertion:
The errors, in chronological order:
Smart Card Service Event ID: 610
Smart Card Reader 'SCM Microsystems SCR33xx v2.0 USB SC Reader 0' rejected
IOCTL TRANSMIT: Incorrect function. If this error persists, your smart card
or reader may not be functioning correctly.
Command Header: 00 c0 00 00
WudfUsbccidDrv Event ID: 11
A Request has returned failure.
MsgType: 0x80
ICCStatus: 0x0
CmdStatus: 0x1
Error: 0xf6 // ICC_PROTOCOL_NOT_SUPPORTED
SW1: 0x0
SW2: 0x0
WudfUsbccidDrv Event ID: 11
An operation has failed (0x0, 0x0, 0x0, 0x0).
ScT0Transmit: Failed to send request at TPDU level.
HResult: The specified request is not a valid operation for the target device.
// Note: this one comes from WUDFUsbccidDriver.dll CMyDevice::UsbScT0Transmit+7D0h
WudfUsbccidDrv Event ID: 10
Request[0](CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=256,.NETServiceMethod=0x0)
It appears that the hardware indicated failure during the IOCTL TRANSMIT, which trickled down through the user-mode driver framework.
Edit: Consulting the CCID spec, it appears that the card is responding back with bmCommandStatus = 1 - Failed (error code provided by the error register), and Error = ICC_PROTOCOL_NOT_SUPPORTED -10 (F6h). I'm assuming the driver translates this error into the "HResult: The specified request is not a valid operation for the target device." message.
Also, the command being sent was INS=0xC0, which is GET RESPONSE.
How can it say protocol not supported? What is the driver doing differently than when it worked? Note that I also just tried this with a new CAC, and I'm seeing similar behavior. A problem with the card reader, or driver?
Considering I just replaced the reader (and re-installed drivers, rebooted, etc.) is there something wrong with my Smart Card? I'm assuming not, because it does work with another reader on another system. I haven't tried a different reader on the same system.
In fact, the same reader connected to a Windows 7 VM on the same physical machine works just fine! Something is clearly broken, and it's driving me nuts trying to figure out what.
So what is the problem?
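The status fields in the WudfUsbccidDrv event can be read straight off the 10-byte CCID bulk-IN header. The sketch below is an added example, not part of the original post or of the driver's code: it decodes such a header and the command header from event 610. The sample message is constructed from the logged values (slot and sequence number are assumed), and the error and INS tables are subsets.

```python
import struct

# bError names from the CCID specification's slot error register table (subset).
CCID_ERRORS = {
    0xFF: "CMD_ABORTED", 0xFE: "ICC_MUTE", 0xFD: "XFR_PARITY_ERROR",
    0xFC: "XFR_OVERRUN", 0xFB: "HW_ERROR", 0xF8: "BAD_ATR_TS",
    0xF7: "BAD_ATR_TCK", 0xF6: "ICC_PROTOCOL_NOT_SUPPORTED",
    0xF5: "ICC_CLASS_NOT_SUPPORTED", 0xF4: "PROCEDURE_BYTE_CONFLICT",
    0xF3: "DEACTIVATED_PROTOCOL", 0xF2: "BUSY_WITH_AUTO_SEQUENCE",
    0xE0: "CMD_SLOT_BUSY",
}
ICC_STATUS = {0: "present and active", 1: "present and inactive",
              2: "no ICC present", 3: "RFU"}
CMD_STATUS = {0: "processed without error", 1: "failed (see bError)",
              2: "time extension requested", 3: "RFU"}
INS_NAMES = {0xA4: "SELECT", 0xB0: "READ BINARY", 0xC0: "GET RESPONSE"}  # ISO 7816-4 subset


def parse_rdr_to_pc(msg: bytes) -> dict:
    """Decode the 10-byte header of a CCID bulk-IN message (RDR_to_PC_*)."""
    if len(msg) < 10:
        raise ValueError("CCID header is 10 bytes, got %d" % len(msg))
    msg_type, length, slot, seq, status, error, _chain = struct.unpack_from("<BIBBBBB", msg)
    if len(msg) - 10 != length:
        raise ValueError("dwLength does not match payload size")
    cmd = status >> 6      # bmCommandStatus: bits 7..6 of bStatus
    icc = status & 0x03    # bmICCStatus: bits 1..0 of bStatus
    return {
        "msg_type": msg_type, "slot": slot, "seq": seq,
        "icc_status": ICC_STATUS[icc], "cmd_status": CMD_STATUS[cmd],
        # bError is only meaningful when the command failed
        "error": CCID_ERRORS.get(error, "0x%02X" % error) if cmd == 1 else None,
        "payload": msg[10:],
    }


def parse_apdu_header(hex_str: str) -> dict:
    """Decode the 4-byte command header printed by Smart Card Service event 610."""
    cla, ins, p1, p2 = bytes.fromhex(hex_str)
    return {"cla": cla, "ins": INS_NAMES.get(ins, "0x%02X" % ins), "p1": p1, "p2": p2}


# Constructed message matching event 11: MsgType 0x80, ICCStatus 0, CmdStatus 1,
# Error 0xf6. Slot 0 and sequence number 0x2A are made-up values.
SAMPLE = bytes([0x80, 0, 0, 0, 0, 0x00, 0x2A, 0x40, 0xF6, 0x00])

if __name__ == "__main__":
    print(parse_rdr_to_pc(SAMPLE))
    print(parse_apdu_header("00 c0 00 00"))
```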
Solution 1:
Just in case someone gets stuck with that issue - I have been trying to fix it for a whole day.
Here's the solution:
- For 64-bit Windows, jump to the registry key at
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers
  There should be some readers already. If not, that's the reason why you may have all the drivers installed but the reader is still not functioning at all.
  Go to Device Manager, find the reader in question, then look for this string in the Details tab: Bus reported device description.
- Create a subkey under the key above. The name should be exactly the same as that Bus reported device description. Then add a counter at the end. So the key should be like this one:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers\O2Micro CCID SC Reader 0
- Now create a couple of string values: the first one with the Device name and the second for Groups. Here's my example:
  Device = O2Micro CCID SC Reader 0
  Groups = SCard$DefaultReaders
That's it. To make it work, disconnect the reader and connect it back. In the case of internal devices, you may have to reboot the machine.
And here's the .reg file example (change device name and number to your own values):
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers\O2Micro CCID SC Reader 0]
"Device"="O2Micro CCID SC Reader 0"
"Groups"=hex(7):53,00,43,00,61,00,72,00,64,00,24,00,44,00,65,00,66,00,61,00,75,\
00,6c,00,74,00,52,00,65,00,61,00,64,00,65,00,72,00,73,00,00,00,00,00