When using Windows 7 client and Windows 2008 for Active Directory and BCAAA, Citrix ICA fails to pass authentication. This happens because ICA is not compatible with the security levels set in Windows 2008 and Windows 7.
The problem is the Attribute: Target Name in the NTLMv2 response is set incorrectly by the ICA client software to InetSvcs (see screenshot below.
Update ICA to Citrix Receiver 4, where the issue is resolved.
Install BCAAA onto a Windows 2003 member server.
Use IWA Direct. With IWA Direct, the ProxySG will join the domain and query the Active Directory directly. IWA Direct is available in SGOS 6.3 or later.
Imported Document ID: 000008572
Subscribing will provide email updates when this Article is updated. Login is required.