Microsoft Remote Desktop for Mac not working with IDEMIA PIV



 Dec 18 2021

I transitioned from an Oberthur PIV to IDEMIA PIV back in November 2020, and the IDEMIA PIV has not worked with any of the Mac client versions released in the last year (including the current 10.7.3 version). My new IDEMIA PIV works with ssh, Chrome and Safari and the command-line rdesktop client.


The system_profiler SPSmartCardsDataType command shows my PIV in its reader:


     #01: Alcor Micro AU9560 (ATR:{length = 17, bytes = 0x3bd6970081b1fe451f878031c152411a2b})

Reader Drivers:

     #01: org.debian.alioth.pcsclite.smartcardccid:1.4.32 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)

Tokend Drivers:

SmartCard Drivers:

     #01: (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)


And its 8 public certs are displayed.


As the Microsoft RDP client connects, it shows the "sign-in options" for a few seconds, and I can see a smartcard icon displayed. Clicking on the icon shows "checking status" and then the smartcard disappears. (Reseating the PIV or inserting another smartcard has no effect after the smartcard icon disappears.)


My other YubiKey smartcards work without issue.


I don't see any useful logging information. My previous PIV only had 6 certs, and the new one has 8 (four of the 8 are expired). 

As my coworkers with Macs have received their new PIVs over the last year, they have encountered the same problem. I don't see any way to get any logging information out of the client.


Same issue here. It's pretty frustrating because everything else works just fine. I know it must be a rare case as I doubt many people use PIV through RDP for Mac. A resolution would be great.


I'm on macOS Catalina with MS RDP 10.7.6 using /usr/lib/ssh-keychain.dylib which works with all terminals forwarding the agents properly.