Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Smart Card Logon - An authentication error has occurred

Posted on 2009-04-01
Medium Priority
Last Modified: 2012-05-06
Okay, heres the situation I need some guidance with. I replaced our Citrix servers with new servers and built the new Citrix set-up from scratch. I have 1 Web Interface 4.5, 1 Secure Gateway 3.1, and 1 Presentation Server 4.5.

It is setup for smart card logon, and if you go to the WI website from a domain computer at work, you get right in.

However, if you logon on from a domain computer at work with local credentials or a computer outside of the network you get the following error, An authentication error has occurred. Please contact your administrator. Log ID:.

The event log shows this error: "A logon attempt has been made by an authenticated user. If this problem persists, attempt a repair of the site using the Access Management Console

Explicit logon with username and PW works fine.

IIS is set to "Negotiate,NTLM"

What am I forgetting to set? Thanks for any help offered.
Question by:DanaWilliams
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 22

Expert Comment

ID: 24051053
If this works for a user loged into a machine using a domain account and not using a local account then the implication is that CITRIX is doing pass-through authentication and grabbing the credentials of the logged in user.  Apparently you have access enabled for domain users.  The same would hold true for the machines outside of the network ... the user accounts that the users are logged in with will not be domain accounts.

I presume you are associating the smart card with a specific user ID.  It would seem to me that you want to detect the account that is connecting and if a domain account use those credentials and if not then you want to prompt for credentials.  Or you just ask for credentials ALL the time.

Accepted Solution

DanaWilliams earned 0 total points
ID: 24292735
The fix was in IIS on the Web Interface. Go to properties on the Web Sites folder, go to the Directory Security tab, under Secure communications, check Enable the Windows directory service mapper.


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Policies #XenDesktop #VDI #POC #Citrix Univeral Printer Driver #Citrix UPD
Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question