Citrix ICA Client Authentication Fails when using explicit proxy

Solutions ID:    KB5219
Version:    5.0
Status:    Published
Published date:    07/17/2012
Updated:    07/18/2013

Problem Description

When using Windows 7 client and Windows 2008 for Active Directory and BCAAA, Citrix ICA fails to pass authentication. This happens because ICA is not compatible with the security levels set in Windows 2008 and Windows 7.

The problem is the Attribute: Target Name in the NTLMv2 response is set incorrectly by the ICA client software to InetSvcs (see screenshot below.



  1. Update ICA to Citrix Receiver 4, where the issue is resolved.
  2. Install BCAAA onto a Windows 2003 member server.
  3. Use IWA Direct. With IWA Direct, the ProxySG will join the domain and query the Active Directory directly. IWA Direct is available in SGOS 6.3 or later.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question