Smart Card Logon - An authentication error has occurred

Posted on 2009-04-01
Last Modified: 2012-05-06
Okay, heres the situation I need some guidance with. I replaced our Citrix servers with new servers and built the new Citrix set-up from scratch. I have 1 Web Interface 4.5, 1 Secure Gateway 3.1, and 1 Presentation Server 4.5.

It is setup for smart card logon, and if you go to the WI website from a domain computer at work, you get right in.

However, if you logon on from a domain computer at work with local credentials or a computer outside of the network you get the following error, An authentication error has occurred. Please contact your administrator. Log ID:.

The event log shows this error: "A logon attempt has been made by an authenticated user. If this problem persists, attempt a repair of the site using the Access Management Console

Explicit logon with username and PW works fine.

IIS is set to "Negotiate,NTLM"

What am I forgetting to set? Thanks for any help offered.
Question by:DanaWilliams
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 22

Expert Comment

ID: 24051053
If this works for a user loged into a machine using a domain account and not using a local account then the implication is that CITRIX is doing pass-through authentication and grabbing the credentials of the logged in user.  Apparently you have access enabled for domain users.  The same would hold true for the machines outside of the network ... the user accounts that the users are logged in with will not be domain accounts.

I presume you are associating the smart card with a specific user ID.  It would seem to me that you want to detect the account that is connecting and if a domain account use those credentials and if not then you want to prompt for credentials.  Or you just ask for credentials ALL the time.

Accepted Solution

DanaWilliams earned 0 total points
ID: 24292735
The fix was in IIS on the Web Interface. Go to properties on the Web Sites folder, go to the Directory Security tab, under Secure communications, check Enable the Windows directory service mapper.


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question