-
-
Cloud Connector Standalone Citrix Secure Ticketing Authority (STA) service
-
-
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Troubleshooting
The following steps should be followed to troubleshoot FIDO2 redirection issues:
-
Check system requirements
- Validate system requirements are being met for FIDO2 redirection based on the official Citrix documentation.
-
Verify device connection
-
For physical FIDO2 keys:
- Ensure the FIDO2 key is correctly inserted and visible on the client endpoint.
- Use your operating system device manager (e.g., Device Manager on Windows, System Information on macOS) to confirm the device is recognized and functioning.
- If the device is not detected:
- Try reinserting the key or using a different USB port.
- Test the key on another device to rule out hardware issues.
-
For built-in authenticators (ex. Windows Hello, etc.) -
- Confirm the feature is enabled and configured on your client device.
-
This is important because if the client device does not recognize the FIDO2 key, Citrix cannot redirect it to the HDX session.
-
-
Verify Citrix policy settings and configuration
-
Review FIDO2/WebAuthn redirection and USB redirection settings in your Citrix policies.
- FIDO2 redirection policy is enabled.
- If EdgeWebView2 or custom desktop applications are being used, appropriate file paths are added in the FIDO2 Allowed Processes policy setting.
- No device rules are set for FIDO2 keys to redirect the device using generic USB redirection.
-
If Citrix components have been updated recently, verify that your configuration aligns with the new versions.
-
-
Use HDX Monitor for Diagnostics
-
Launch an HDX session and open the web browser or the UWP application and navigate to the authentication page.
-
Select the sign in method as security key or Webauthn or FIDO2. You should see a dialog prompt from the wfica32.exe process as a result of the FIDO2 call being redirected (see attached screenshot). If this isn’t the case:
- Ensure that the key is not being redirected using the generic USB virtual channel. If the key is redirected inside the HDX session, you will likely see a dialog prompt that says “Insert your security key into the USB port”. To resolve this, disable USB redirection or ensure that the security key is not redirected inside the HDX session.
- Open HDX Monitor in the HDX session and navigate to the FIDO2 - Webauthn Redirection node.
- Ensure that the FIDO2 Allow Redirection policy is set to True and the application that requires FIDO2/WebAuthn authentication is listed in the FIDO2 Redirection Hooked Applications. If the application is not present, add it to the appropriate registry location based on the information in the advanced configuration.
- Ensure that the full path of the applications that require FIDO2/WebAuthn authentication are listed in the FIDO2 Allowed Processes Studio Policy. If the full path is not present, add it to the FIDO2 allowed processes policy setting in Studio. For additional information, reference the configurations section.
- (Legacy) If FIDO2 redirection is configured using the legacy based registry settings, ensure that the full path of the applications that require FIDO2/WebAuthn authentication are listed in the FIDO2 Allowed Processes registry setting. If the full path is not present, add it to the FIDO2 allowed processes policy setting in Studio. For additional information, reference the configurations section.
-
Note:
If you do not already have HDX Monitor installed on your session host, you can install it from the Support folder of the Citrix Virtual Apps and Desktops installer.
-
Collect logs and contact technical support
-
If the issue persists after following the above steps -
- Collect HDX Monitor output, Citrix Workspace App and VDA CDF logs.
- Document all troubleshooting steps you have taken and any error messages encountered.
- Contact your IT support team or Citrix Support, providing the collected information for faster resolution.
-
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.