Certificate Propagation - In Citrix-solutions

When working with published applications, the "Run" key in the registry is not used. This means Net iD "Certificate Mover" will not start with the user and application, and the certificates will not be accessible.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

When using the Windows Certificate Propagation service, problems may occur.

  a) Sometimes it takes a while for the certificates to publish.
  b) The Certificate Propagation service never removes any certificates on smart card removal.

Here is an image that shows 4 user certificates, but only one is actually present, from the current user who started the published application.
- 3 from a smart card used previously, currently in my pocket.
- 1 from my smart card that is currently inserted in the smart card reader.

[Image: Certificate Propagation In Citrix]

The solution is to stop and disable the Windows "Certificate Propagation" service described above on the server, and make sure Net iD's "Certificate Mover" is started with the user and published application.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\Windows\system32\userinit.exe,"C:\Program Files\Net iD\iid.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI]

"LogoffCheckSysModules"="iid.exe"

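A read-only check of the configuration described above, as an added example that is not part of the original article or of Net iD's own tooling. Because Userinit runs at every logon and is a commonly monitored autostart location, it also reports any Userinit entry other than the two the article specifies. The service name `CertPropSvc`, the function names and the `$ExpectedUserinit` list are assumptions of this example.

```powershell
# Added example: audits the settings from this article without changing them.
# Registry paths and value names come from the article. CertPropSvc is the
# Windows service name of "Certificate Propagation". $ExpectedUserinit is an
# assumption: adjust it if Windows or Net iD is installed elsewhere.
# Requires PowerShell 5 or later (Get-Service exposes StartType).
$ExpectedUserinit = @(
    'C:\Windows\system32\userinit.exe',
    'C:\Program Files\Net iD\iid.exe'
)

function Split-UserinitValue {
    param([string]$Value)
    # Userinit is a comma-separated list; entries may be quoted and the
    # list often ends with a trailing comma.
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' }
}

function Test-NetIdCitrixConfig {
    $result = [ordered]@{}

    # 1. Certificate Propagation should be stopped and disabled.
    $svc = Get-Service -Name 'CertPropSvc' -ErrorAction SilentlyContinue
    $result.CertPropStopped  = ($null -eq $svc) -or ($svc.Status -eq 'Stopped')
    $result.CertPropDisabled = ($null -eq $svc) -or ($svc.StartType -eq 'Disabled')

    # 2. Userinit should start iid.exe and contain no unexpected programs.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $entries  = @(Split-UserinitValue (Get-ItemProperty -Path $winlogon).Userinit)
    $result.UserinitHasIid     = $entries -contains $ExpectedUserinit[1]
    $result.UserinitUnexpected = @($entries |
        Where-Object { $ExpectedUserinit -notcontains $_ })

    # 3. The Citrix TWI key should list iid.exe in LogoffCheckSysModules.
    $twi  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI'
    $mods = (Get-ItemProperty -Path $twi -ErrorAction SilentlyContinue).LogoffCheckSysModules
    $result.LogoffCheckHasIid = @("$mods" -split ',' |
        ForEach-Object { $_.Trim() }) -contains 'iid.exe'

    [pscustomobject]$result
}

Test-NetIdCitrixConfig | Format-List
```

A correctly configured server shows every boolean as True and an empty `UserinitUnexpected`; any path listed there was added to the logon chain by something other than this procedure and should be reviewed.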