Citrix StoreFront and Smartcard Troubles

I recently encountered an issue when configuring Citrix StoreFront 3.6 for Smartcard PIV/CAC logon. After authenticating at StoreFront, I’d receive an error: “You cannot log on using a smartcard.” Of course, there was little to no additional information in the event or IIS log files.


After ensuring all of the Smartcard root and intermediate certificates were installed on the client device, StoreFront server, Delivery Controller server, and in the proper AD authentication stores, I finally came across the fix.

On all of the StoreFront servers, you need to create the following registry settings:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]


The source of this setting can be found here:

This setting has fixed issues such as this for several customers and it seems to be occurring more and more.

Until next time, thanks for reading.



4 thoughts on “Citrix StoreFront and Smartcard Troubles”

  1. Shane, thank you for this post. I’m deploying PIV for a customer now and we are having some issues. I have no visibility into the Citrix environment since I’m just the NetScaler engineer. I will take this to our Citrix admins and see if this could help our situation.
