I've upgraded two devices to the Windows 8.1 Preview - a desktop and a Surface Pro. On both these devices, I am no longer able to log into a Citrix landing page successfully. In order to get to a login prompt using IE11, I have to add the landing in Compatibility Viewing (no big deal), but any attempts to log in (using two stage authentication including an RSA key) fails with:
"The credentials you typed are incorrect. Please try again or contact your help desk or system administrator."
I figured this was an IE11 issue, so I started adjusting the usual suspects. The page was added as a trusted site, disabled Enhanced Protected Mode, as well as (temporarily) setting all security settings to its lowest value No change. I used the same login on another device for verification and connections work as expected. Logins using the landing page worked normally on both of these devices prior to the 8.1 preview.
At the recommendation of our Citrix administrator, I installed "a alternative browser" to eliminate the IE11 variables - while the landing page worked without any compatibility settings, the same error returned upon entering the same credential set. I'm guessing this is a change at the OS level. I did the rounds with Bing to see if anyone else had seen this and determined root cause, but I'm apparently the only one with this condition so far.
I did see that there were changes in 8.1 on how VPNs work (applications can pass VPN requests directly to the OS), but I can't find out where to set/modify these settings.
Citrix is 4.x without a published storefront (security compliance thing). This fails during authentication - the Citrix Receiver hasn't launched yet. I've seen similar problems reported for Cisco and Juniper VPNs, but I don't have the network adapter listed in the fix.
Wednesday, July 03, 2013 7:51 AM
- Changed type Leo HuangMicrosoft contingent staff, Moderator Thursday, July 11, 2013 8:59 AM
I am also having strange issues after upgrading to Windows 8.1. I can log into our Citrix page, but cannot launch any apps. I have also tried all the usual suspects with trusted sites, etc. We also use a Mitel phone system and can no longer authenticate the software on the computer. I don't know if we are having the same issue or not, but something on the OS definitely changed as both of these were working before the upgrade.Monday, July 08, 2013 2:39 PM
I've just tested this on a Windows 8.1 virtual machine and am able to log into our Citrix page without any problem, I didn't even have to adjust compatibility settings or add to trusted sites. I haven't tried launching an app because I don't have a Citrix client installed on the machine yet but it sounds like you're not even getting that far.
I'd be surprised if the problem you're having is related to any changes in the handling of VPNs because at the point you log into the Citrix site you're not using a VPN, just Windows authentication over HTTPS. Your Citrix admin should be able to check the logs on the Web Interface/Secure Gateway server to get a bit more information about what's going on behind the scenes.
Without wanting to sound patronising, it's worth checking the obvious things:
- Username & password are correct (tested on a third device)
- SecurID fob needs to be resynced
- Do you have to enter you domain name infront of your username? e.g. domain\frankc
- Caps lock isn't on
- Administrator has checked the 'Change password at next logon' box on your Active Directory account (possible if you've asked for a password reset recently)
I hope this helps in some small way
MattMonday, July 08, 2013 3:11 PM
something on the OS definitely changed
Some users are finding that some sites can't handle negotiation from TLS 1.2. Some apparently seem to need to be dropped down manually all the way to SSL 2.0. Have you tried experimenting in that area?
---Monday, July 08, 2013 4:54 PM
I am experiencing the exact same issue, though if I use another browser it works fine.
I've tried changing the browser security settings down to SSL 2.0 but no joy. I've also tried disabling enhanced protected mode, do not track and various others without success. I just can't seem to log onto Citrix using IE11 with the 8.1 update.
Like Frank, I also have the site in my trusted sites and had to enable compatibility mode to get more than a blank page. Any thoughts?Tuesday, July 09, 2013 12:49 PM
Is it only login that is the problem? Or is that just the first interaction with a particular host? It appears that User-Agent string has not been mentioned yet. So, you should try spoofing a different browser with a different UAS. The new Developer Tools make that less convenient than the old but still provide the equivalent of the old Change User Agent String dialog. In the Emulation tab, e.g. via F12, Ctrl-8.
---Tuesday, July 09, 2013 2:02 PM
Thanks for your reply Robert.
This is the first interaction with the host (HTTPS Citrix site with dual-factor authentication - RSA and Domain credentials). As you suggested I tried changing the UAS to Chrome and Firefox but neither made a difference unfortunately.
I'm really not sure what could be causing this as it worked absolutely fine on IE10 before the 8.1 upgrade, perhaps something subtle that we've not noticed.Tuesday, July 09, 2013 3:09 PM
worked absolutely fine on IE10 before the 8.1 upgrade, perhaps something subtle that we've not noticed.
FWIW I just had a problem using the Lync plug-in with IE11 and had to switch to IE10 emulation to get past it. Really weird because it was not the usual case of the site not even trying to work with the browser. Symptom was that the plug-in apparently never loaded correctly. I didn't think that IE emulation did much more than give a different UAS to the host. Perhaps that idea is wrong? Then I wish such internal differences could be documented, so we could feel that we were doing something rational and not just flipping a coin. ; }
---Wednesday, July 10, 2013 4:16 PM
I'm also experiencing this with our Citrix site, which also uses RSA two-factor authentication. Works in IE10, but not in 11. I've also tried everything mentioned above, including Compatibility Mode, InPrivate, Intranet Zone, Trusted Site Zone, disabling Protected Mode/EPM, and lowering the zone to the "Low" security settings. Other browsers still work, as well so I know it is not a token issue. Every time I get "Internal Error" after submitting the credentials. It happens on the client detection page, so I suspect it is IE mitigating the site's attempt to identify whether the Citrix Receiver is installed.
Friday, October 04, 2013 7:02 PM
- Edited by xpxp2002 Friday, October 04, 2013 7:02 PM