Jump to content
Welcome to our new Citrix community!
  • 0

Windows Hello certs passed in the ICA session

Daniele Fiore1709159100


hello guys,


i have a tricky topic to submit a question for : on our W10 physical endpoint devices we have Windows hello certs enrolled.
We have the same enrolled on our W10 VDIs and only on VDI we have the reg keys to block the certs hook.

Physical endpoint with hello certs =>ica to VDI : the hello certs are not passed in the session =>The VDI uses his own certs and this is OK

Physical endpoint with hello certs =>ica to VDI =>ica to an app from the VDI : the hello certs of the BARE METAL endepoint are passed in the session to the App=>we cannot explain how could this be happening.

Is there a possible explanation for you guys?
Note : ica in ica is not the best, however we have some usecases where this is needed in our company.

Many thanks in advance for your support.


Link to comment

1 answer to this question

Recommended Posts

  • 0

Hi Daniele,


did you ever find a solution or a reason why Windows Hello is passed to the 2nd ICA Session?

I have a very similar problem. Windows 10/11 Bare Metal with Windows Hello Pin or Fingerprint. Logon to ICA is working fine, but when using ICA in ICA somehow the Authentication Method from the Bare Metal is used to authenticate on the 2nd ICA Session and Fails with a wrong PIN Message. I can Only reproduce this behavior when no NetScaler Gateway is involved in the First ICA connection.







Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...