Smart Card errors

I have a CAC smart card and an SCM Microsystems SCR3310 USB card reader. I'm running Windows 7 Ultimate with SP1.

This setup used to work just fine. When I would insert my CAC, my certificates would immediately propagate to the certificate store (as evidenced by Certificate Manager, certmgr.msc), and I could log on to websites that required a CAC for access.

Recently, I stopped being able to access the websites. Looking in Certificate Manager, I see that only one, or sometimes two, of my certificates are present. If I delete them and re-insert my card, a different certificate may appear.

I just returned and replaced the reader with the same model, so I know it is not the culprit.

I finally thought to look at the system log, and noticed the following errors upon smart card insertion:


The errors, in chronological order:

Smart Card Service    Event ID: 610
   Smart Card Reader 'SCM Microsystems SCR33xx v2.0 USB SC Reader 0' rejected
   IOCTL TRANSMIT: Incorrect function.  If this error persists, your smart card
   or reader may not be functioning correctly.

   Command Header: 00 c0 00 00

WudfUsbccidDrv        Event ID: 11
   A Request has returned failure.
   MsgType: 0x80
   ICCStatus: 0x0
   CmdStatus: 0x1
   Error: 0xf6               // ICC_PROTOCOL_NOT_SUPPORTED
   SW1: 0x0
   SW2: 0x0

WudfUsbccidDrv        Event ID: 11
   An operation has failed (0x0, 0x0, 0x0, 0x0).
   ScT0Transmit: Failed to send request at TPDU level.
   HResult: The specified request is not a valid operation for the target device.
   // Note: this one comes from WUDFUsbccidDriver.dll CMyDevice::UsbScT0Transmit+7D0h

WudfUsbccidDrv        Event ID: 10
   Request[0](CLS=0x0,INS=0xc0,P1=0x0,P2=0x0,Lc=0,Le=256,.NETServiceMethod=0x0)

It appears that the hardware indicated failure during the IOCTL TRANSMIT, which trickled down through the user-mode driver framework.

Edit: Consulting the CCID spec, it appears that the card is responding back with bmCommandStatus = 1 - Failed (error code provided by the error register). And Error = ICC_PROTOCOL_NOT_SUPPORTED -10 (F6h). I'm assuming the driver translates this error into the "HResult: The specified request is not a valid operation for the target device." message.

Also, the command being sent was INS=0xC0, which is GET RESPONSE.

How can it say protocol not supported? What is the driver doing differently than when it worked? Note that I also just tried this with a new CAC, and I'm seeing similar behavior. A problem with the card reader, or driver?


Considering I just replaced the reader (and re-installed drivers, rebooted, etc.) is there something wrong with my Smart Card? I'm assuming not, because it does work with another reader on another system. I haven't tried a different reader on the same system.

In fact, the same reader connected to a Windows 7 VM on the same physical machine works just fine! Something is clearly broken, and it's driving me nuts trying to figure out what.

So what is the problem?


Solution 1:

Just in case someone gets stuck with this issue: I spent a whole day trying to fix it.

Here's the solution:

  1. For 64-bit Windows - jump to the registry key at

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers
    

There should be some readers listed there already. If not, that's the reason why you may have all the drivers installed but the reader is still not functioning at all.

  2. Go to Device Manager, find the reader in question, then look for this string in the Details tab: Bus reported device description.

  3. Create a subkey under the key above. The name should be exactly the same as that Bus reported device description. Then add a counter at the end. So the key should look like this one:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers\O2Micro CCID SC Reader 0

  4. Now create a couple of string values: the first one with the Device name and the second for groups. Here's my example:

    Device = O2Micro CCID SC Reader 0
    
    Groups = SCard$DefaultReaders
    

That's it. To make it work, disconnect the reader and connect it back. In the case of internal devices, you may have to reboot the machine. And here's the .reg file example (change the device name and number to your own values):

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers\O2Micro CCID SC Reader 0]
    "Device"="O2Micro CCID SC Reader 0"
    "Groups"=hex(7):53,00,43,00,61,00,72,00,64,00,24,00,44,00,65,00,66,00,61,00,75,\
    00,6c,00,74,00,52,00,65,00,61,00,64,00,65,00,72,00,73,00,00,00,00,00
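
A .reg file writes to HKEY_LOCAL_MACHINE, and its hex(7) value is opaque until decoded, so it helps to check what the file sets before importing it. The Python sketch below is an added example, not part of the original answer: it parses the .reg text shown above, decodes the REG_MULTI_SZ bytes, and reports anything beyond the two values the answer describes. The helper names (`decode_multi_sz`, `parse_reg`, `review`) are hypothetical, and only quoted strings and hex(7) values are handled.

```python
import re

# The .reg text from the answer above, embedded so this runs offline.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers\O2Micro CCID SC Reader 0]
"Device"="O2Micro CCID SC Reader 0"
"Groups"=hex(7):53,00,43,00,61,00,72,00,64,00,24,00,44,00,65,00,66,00,61,00,75,\
00,6c,00,74,00,52,00,65,00,61,00,64,00,65,00,72,00,73,00,00,00,00,00
'''
READERS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\Readers"

def decode_multi_sz(hex_csv):
    """hex(7) = REG_MULTI_SZ: UTF-16LE strings, NUL-separated, double-NUL-terminated."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    if len(raw) % 2:
        raise ValueError("odd byte count, not UTF-16LE")
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00\x00"):
        raise ValueError("missing double-NUL terminator")
    return text[:-2].split("\x00")

def parse_reg(text):
    """Return {key: {name: value}}; handles quoted strings and hex(7) only."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join backslash-continued lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, val = m.groups()
            current[name] = (decode_multi_sz(val[7:]) if val.startswith("hex(7):")
                             else val.strip('"'))
    return keys

def review(text):
    """List anything the file does beyond the two values the answer describes."""
    findings = []
    for key, values in parse_reg(text).items():
        parent, _, leaf = key.rpartition("\\")
        if parent != READERS:
            findings.append(f"key outside Calais\\Readers: {key}")
        if values.get("Device") != leaf:
            findings.append(f"Device differs from subkey name: {values.get('Device')!r}")
        if values.get("Groups") != ["SCard$DefaultReaders"]:
            findings.append(f"unexpected Groups: {values.get('Groups')!r}")
        findings += [f"extra value: {n}" for n in values if n not in ("Device", "Groups")]
    return findings
```

Calling `review()` on your own edited copy of the file returns an empty list when it only creates the reader subkey with matching `Device` and `Groups` values.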