After upgrading Citrix Workspace App to 2203 CU2 and 2210.5 and above in customer's client machine, ICA session became unable to launch. Specifically, ICA file can be downloaded but wfica32.exe never starts.
The issue doesn't occur in the same client machine with Citrix Workspace App for Windows 2203 LTSR CU1 and 2210 or lower.

Important Note:  wfica32.exe in different Workspace app for Windows versions may be signed by different certificates.

1. Right-click wfica32.exe > Properties > Digital Signatures > Details > View Certificate > Certification Path for the exact certificate names.
2. Download and install appropriate certificate here.
   • Example: digicert trusted root g4 and digicert trusted g4 code signing rsa4096 SHA384 2021 CA1
   • Also please verify if DigiCert Assured ID Root CA Cert is available or not. If not, install that certificate.

Problem Cause

For Citrix Workspace App for Windows 2203 LTSR CU2 and 2210.5 an above, wfica32.exe file signature validation starts to take effect, which relies on MS API: WinVerifyTrust(). In the affected client machine, the CA certificates used to sign wfica32.exe are missed. That results in MS API: WinVerifyTrust() failure while validating wfica32.exe and ICA session unable to launch.