Citrix Receiver client, and Citrix Workspace connections fail when the computer is configured to use the Web Security Service (WSS) through the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) feature.
Citrix client connections sent through the WSS via WTR contain authentication header information that the Citrix server may reject.
There are multiple solutions for this problem. The solution you choose to implement will depend on your organization's policies and preferences. To allow Citrix Receiver and Citrix Workspace clients to connect on computers running SEP WTR do one of the following: