000023313 - Citrix Client doesn't receive RSA Challenge

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023313
Applies ToRSA Authentication Manager 6.1
RSA ACE/Server
Citrix Presentation Server 4.0
Citrix MetaFrame
IssueUsers logging onto the server with Terminal Services RDP are challenged by RSA, but logging on with Citrix RDP is not challenged by RSA
Program Neighborhood users are not prompted for their RSA SecureID or token authentication.
Cause

During the Winlogon process, the RSA dynamic link library (DLL) AceGina.DLL is ignored.

By default, the security setting under the ICA-TCP Advanced Connection Settings is set to Use Default NT Authentication. This setting forces all logon authentications on the connections to use msgina.dll even if a third-party party dll for authentication is installed.

Resolution

When using RSA authentication, clear the Use Default NT Authentication check box in the ICA-TCP Advanced Connection Settings.

Users are then prompted with the expected logon Graphical Identification and Authentication (GINA) using the acegina.dll that has been installed on the Metaframe Server or Presentation Server.

NotesThis solution is adapted from Citrix Document ID  CTX112188 .
Legacy Article IDa33318

Attachments

    Outcomes