In Windows Server 2012 and 2016 (and possibly 2019), the smart card service behavior was changed by Microsoft. It is now triggered by the insertion of a smart card. In Windows Server 2008, the smart card service was always on.
This can pose challenges in some environments, especially for Citrix / RDS deployments when using the smart card redirection virtual channel. The smart card service will not detect the smart card insertion.
The workaround is to deploy a scheduled task to restart the smart card service “SCardSvr” when stopped.
The scheduled task trigger is “On an event” with a custom XML query looking for the event ID “7036” (source: Service Control Manager) containing the keywords “Smart Card” and “stopped”. The XML query is the following:
|
1 2 3 4 5 6 7 8 9 10 |
<QueryList> <Query Id="0" Path="System"> <Select Path="System"> *[System[Provider[@Name='Service Control Manager'] and (Level=4) and (EventID=7036)]] and *[EventData[Data[@Name='param1'] and (Data='Smart Card')]] and *[EventData[Data[@Name='param2'] and (Data='stopped')]] </Select> </Query> |
The task action is to start a program “SC” with the arguments “start SCardSvr”. The task can be run as SYSTEM and with high privileges.
When this task is deployed, the smart card service will be continuously restarted on the server, solving the issues when using a redirected smart card reader with Citrix / RDS.