I'm struggling to get my YubiKey to work properly via RDP on Windows Server 2016. It works fine on newer operating systems, but I'm running into issues on 2016. The YubiKey shows up in the RDP session — I can see it with certutil and in the YubiKey Management GUI, but when I try to use it for verification on Yubico's site, I'm not prompted for a PIN. Instead, I get an error saying, "The operation either timed out or was not allowed." I've checked the group policies and made sure that RDP settings allow for smart cards. There are no issues with newer server versions, only 2016.
I've also looked into the smart card minidriver installation and followed the instructions, ensuring it's installed on both systems and using the Legacy Node flag. Has anyone found a reliable way to get YubiKey working through RDP on this older Windows Server version?
4 Answers
I had a similar issue! We ended up upgrading our Citrix farm from Server 2016 to a newer version because 2016 couldn't handle WebAuthn natively. Might be worth considering an upgrade if you can.
We use Authlite for YubiKey integration, and it works like a charm for RDP access in our environment. We're on Server 2022, though. Might be worth looking into if you’re set on using YubiKey across your servers.
Thanks for the tip! Good to know it works across the 2016-2025 range. I may consider switching to Authlite.
I’ve read that Server 2016 lacks some necessary security features to support YubiKey properly. I recommend aiming for Server 2022 or higher to avoid these kinds of issues.
That’s disappointing to hear. I’ve got a bunch of 2016 servers, so I guess I'll have to plan for upgrades soon!
A while back, I had to do some complicated workarounds just to get YubiKey passthrough working on 2016. Honestly, if you're considering it, testing out Server 2022 or even 2025 might save you a lot of headaches in the long run.
Sorry to hear about the hassle! I figured there might be an alternative method for older versions instead of WebAuthn, but it seems like an upgrade might just be the easiest solution.