Unable to passthrough a USB smart card reader to a guest operating system in ESXi version 6.x and later

Article ID: 323394

Products

VMware vSphere ESXi

Issue/Introduction

This article provides steps to manually enable passthrough of USB smart cards on ESXi version 6.x and later.

Symptoms:
Unable to passthrough a USB smart card reader to a guest operating system in ESXi version 6.x and later.

Environment

VMware vSphere ESXi 6.7
VMware vSphere ESXi 6.5
VMware vSphere ESXi 7.0.0

Cause

When smart card authentication is used to log in to the ESXi shell, PCSCD, the smart card daemon, claims and controls the smart card readers. When you try to pass a USB smart card through to the guest, ESXi tries to pull the device from the PCSCD service. This leads to warning messages in the logs similar to:

(vmx-vcpu-0) did not claim interface 0 before use

To avoid these conflicts, VMware has disabled passthrough of USB smart cards to encourage users to use the USB smart card from the remote client instead of the ESXi server. As a result, users are unable to pass a USB smart card through to the guest.

Resolution

To passthrough a USB smart card reader:

Note: Power off the virtual machine before proceeding with these steps.

  1. Open the vmx configuration file in the virtual machine directory, using a text editor.
  2. Insert this entry in the vmx configuration file to enable USB smart card passthrough:
    usb.generic.allowCCID = "TRUE"
  3. Run this command to stop the pcscd process:
    sudo /etc/init.d/pcscd stop
  4. Run this command to verify that the pcscd process is not running:
    ps | grep pcscd
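
Step 2 as a script, useful when the entry has to be checked or set on several virtual machines. This is an added example, not VMware code; the function names and the .bak/.tmp suffixes are assumptions, and the key is matched case-insensitively as a precaution.

```shell
#!/bin/sh
# Added example (not VMware code): report and idempotently set the
# usb.generic.allowCCID entry from step 2 in a .vmx file.
# Assumption: the VM is powered off, so nothing else rewrites the file.

KEY='usb.generic.allowCCID'

# Print the state of the entry: unset, enabled or disabled.
# "enabled" is reported only if every occurrence of the key is "TRUE",
# so a file with conflicting duplicate entries counts as disabled.
vmx_ccid_state() {
    awk '
        tolower($0) ~ /^[ \t]*usb\.generic\.allowccid[ \t]*=/ {
            n++
            v = tolower($0)
            sub(/^[^=]*=[ \t]*/, "", v)          # keep only the value
            if (v !~ /^"true"[ \t\r]*$/) off = 1
        }
        END {
            if (n == 0)   print "unset"
            else if (off) print "disabled"
            else          print "enabled"
        }
    ' "$1"
}

# Make sure the file contains exactly one  usb.generic.allowCCID = "TRUE"
# line. A copy of the original is kept as <file>.bak before any change.
vmx_enable_ccid() {
    vmx=$1
    [ -f "$vmx" ] || { echo "no such file: $vmx" >&2; return 1; }
    if [ "$(vmx_ccid_state "$vmx")" = enabled ]; then
        return 0                                  # nothing to change
    fi
    cp -p "$vmx" "$vmx.bak" || return 1
    # Drop stale entries (for example "FALSE"), then append the new one.
    awk 'tolower($0) !~ /^[ \t]*usb\.generic\.allowccid[ \t]*=/' \
        "$vmx.bak" > "$vmx.tmp" || return 1
    printf '%s = "TRUE"\n' "$KEY" >> "$vmx.tmp" || return 1
    mv "$vmx.tmp" "$vmx"
}

# Usage: sh vmx_ccid.sh <vm-directory>/<vm>.vmx
if [ "$#" -eq 1 ]; then
    vmx_enable_ccid "$1" && vmx_ccid_state "$1"
fi
```

Running `vmx_ccid_state` alone over each .vmx file gives an inventory of the virtual machines on which smart card passthrough has been enabled.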

In some scenarios the USB token device may be incorrectly recognized as a USB CD-ROM device. If this occurs, run the following command to enable USB passthrough for CD-ROM:

localcli system module parameters set -p "usbCdromPassthroughEnabled=1" -m vmkusb



Additional Information

Impact/Risks:
After following the steps in this Knowledge Base article to pass the smart card through to the guest, the smart card no longer works as login authentication in the ESXi shell.