Solved

Smart Card Logon - An authentication error has occurred

Posted on 2009-04-01
2
2,302 Views
Last Modified: 2012-05-06
Okay, heres the situation I need some guidance with. I replaced our Citrix servers with new servers and built the new Citrix set-up from scratch. I have 1 Web Interface 4.5, 1 Secure Gateway 3.1, and 1 Presentation Server 4.5.

It is setup for smart card logon, and if you go to the WI website from a domain computer at work, you get right in.

However, if you logon on from a domain computer at work with local credentials or a computer outside of the network you get the following error, An authentication error has occurred. Please contact your administrator. Log ID:.

The event log shows this error: "A logon attempt has been made by an authenticated user. If this problem persists, attempt a repair of the site using the Access Management Console

Explicit logon with username and PW works fine.

IIS is set to "Negotiate,NTLM"

What am I forgetting to set? Thanks for any help offered.
0
Comment
Question by:DanaWilliams
2 Comments
 
LVL 22

Expert Comment

by:cj_1969
Comment Utility
If this works for a user loged into a machine using a domain account and not using a local account then the implication is that CITRIX is doing pass-through authentication and grabbing the credentials of the logged in user.  Apparently you have access enabled for domain users.  The same would hold true for the machines outside of the network ... the user accounts that the users are logged in with will not be domain accounts.

I presume you are associating the smart card with a specific user ID.  It would seem to me that you want to detect the account that is connecting and if a domain account use those credentials and if not then you want to prompt for credentials.  Or you just ask for credentials ALL the time.
0
 

Accepted Solution

by:
DanaWilliams earned 0 total points
Comment Utility
The fix was in IIS on the Web Interface. Go to properties on the Web Sites folder, go to the Directory Security tab, under Secure communications, check Enable the Windows directory service mapper.

Thanks,
Keith.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
Several part series to implement Internet Explorer 11 Enterprise Mode
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now