Security Tokens on XenDesktop

The use of USB Security Tokens with XenDesktop 5.6 FP1 poses some interesting challenges.  In this configuration XenDesktop was run on both Wyse Thin Clients as well as via Citrix Receiver on a PC.  The XenDesktop image would detect the USB token, a SafeNet iKey 2032; however the SafeNet application would not detect that the token was installed or read the certificate that was installed on the certificate.

After much research and testing of ideas proposed on websites regarding the way that the SafeNet application was installed or the disabling of the SmartCard service the resolution ended up being a resolution originally implemented in XenDesktop 3.0.

The following registry key needs to be changed for third party applications to access the USB Security Tokens or SmartCards.

  1. Open Regedit
  2. Browse to HKLM\Software\Citrix\CtxHook\AppInit_Dlls\Smart Card Hook
  3. Change the vale of the Flag key to “0″
  4. Restart the workstation

This change immediately resolved the issue with the SafeNet iKey 2032 token being accessed by the SafeNet Authentication Client.

Citrix Support Article: