SCCM Console Published over CITRIX not connecting - RPC_C_AUTHN_LEVEL_PKT_INTEGRITY

Question

Hello,

We have been connecting to SCCM via citrix published console and it works faster than the local installation for remote sites, even though with fairly good bandwidth. However, this has stopped working with the latest change (Hardening changes in DCOM) - https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

The error as we see every time user tries to connect to SCCM console over citrix is as below:-

"The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."

The above talks about a manual modification but that too would not be a permanent solution to the concern as that would remain for some months only and would be permanently enabled by Microsoft.

The local installed console does not seems like an option for most of the remote sites as that is very slow to connect and use.
We have been looking for any alternate or changes which could be implemented at citrix end, to ensure this continues to connect with citrix.

Anyone faced similar concern and a possible solution to this?

Thank you in advance!

Answer 1

The best path here is to ensure that all of your systems are fully up to date with the late Windows cumulative update including the systems hosting your SMS Providers and the systems hosting the console sessions (whatever they may be).