Bugzilla – Bug 7144
Reconnection with smart card auth fails with "incorrect pin" after redirection
Last modified: 2018-04-20 13:25:00
You need to
before you can comment on or make changes to this bug.
Created an attachment (id=853) [details]
Screenshot of the error on Windows Server 2008 R2
Steps to reproduce:
1. Find a RDS farm with at least 2 servers
2. Login using smart card authentication
3. Note which RDS host you ended up on
4. Disconnect (don't log out)
5. Try to login to one of the other servers in the farm (not the one with your
You will now be redirected to the server where your disconnected session is,
and get the "incorrect pin" error. Happens all the time on both Windows Server
2008 R2 and Windows Server 2016. We have not tested Windows Server 2012.
Created an attachment (id=854) [details]
Screenshot of the error on Windows Server 2016
This has been observed with thinlinc 4.9.0 but also with older versions.
Fix comitted upstream in 567b1f74
Let's do this now since we found an easy fix.
I verified that I could reproduce the problem against tl-4.9.0rc1 on Ubuntu
16.04 and Windows Server 2016. I then upgraded the rdesktop package to a newly
built deb that includes the fix and verified that the problem doesn't exist
anymore. I also briefly redirection for regular password authentication with
and without CredSSP.
Verified with 2008 and 2016. Redirect failed with an older rdesktop, but works
fine with an upgraded one.