Smartcard authentication fails after a fresh Windows 2008 R2 virtual machine was converted to a virtual disk, and XenApp 6.5 and SafeNet client were installed on it.
A user logs on to Web Interface, accepts the certificate, enters the PIN, and then logs on to Web Interface successfully. When the user clicks the published desktop, the “Invalid username and password” message appears. The user has to manually log on.

To resolve the issue, completed the following steps:

1. Manually create the directory junction PROGRA~2 to C:\Program Files (x86) on the non-working server by running the following command:
   mklink /J C:\PROGRA~2 "C:\Program Files (x86)"

2. Reboot the server for the Smartcard authentication to start working on the server.
   Note: The following filesystem optimization (disabling 8dot3 support) was not required before provisioning XenApp.
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
   "NtfsDisableLastAccessUpdate"=dword:00000001
   "DontVerifyRandomDrivers"=dword:00000001
   "NtfsDisable8dot3NameCreation"=dword:00000001
   File system optimization or disabling 8dot3 support is not required before provisioning XenApp.

Problem Cause

The procmon traces collected from the non-working and working environment showed that the mfaphook64.dll file was missing in the non-working trace files. This .dll file was available in the working trace files.

CTX131995 – User Cannot Launch Application in Seamless Mode in a Provisioning Services Server when XenApp Optimization Best Practices are Applied