Cannot log on to 2203 CU2 Server VDI with smartcard authentication
Article ID: CTX563502
Updated On:
Description
When 2203 CU2 VDA for single session OS is installed with the /servervdi option on windows server OS with LSA (Local Security Authority) enabled, users cannot log on with smart card authentication and event id 3033 is seen in the VDA event log stating that WfApi64.dll does not meet the code signing requirements.
Environment
Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.
Resolution
Upgrade the VDA version to 2203 CU3 which resolves the issue.
Problem Cause
2203 CU2 was released in December 2022 and the code signing cert for the version of WfApi64.dll included expired in May 2023 so will be prevented from being called on by LSA. The version of this DLL included with CU3 is currently valid until September 2024.Additional Information
Microsoft LSA Documentation: https://learn.microsoft.com/en-us/windows/win32/secauthn/lsa-authentication-model
Was this article helpful?
Yes
No
Powered by
