Beruflich Dokumente
Kultur Dokumente
I know what youre thinking; Come on Jason! Do we really need another article, whitepaper or guide on
how to enable pass-through authentication?. Well yes we do. Here is why:
There are several resources out there on Citrix.com as well as other third-party sites on this topic.
However it seems like none of them spell out clearly exactly what needs to be done, especially with
XenDesktop 7.5 relying so heavily on PowerShell for advanced configuration. Every time I try to enable
this feature for one of my customer I run into problems. So, I created this quick step-by-step guide on how
to successfully enable pass-through authentication for the full Citrix Receiver with XenDesktop or
XenApp, making your customers (and their users) very happy. Especially when their applications then
magically appear in their Receiver client window and/or in their Windows Start Menu.
1.
Install Citrix Receiver 3.4 or higher with the /includeSSON switch. Optionally, the STORE=
command switch can be included as well (to avoid the user from having to enter the store name). In my
opinion, Receiver 3.4 should be the minimum version used because of some bug fixes included in 3.4
specific to pass-through authentication scenarios. I prefer using Receiver 4.1 if given the choice.
1.
CitrixReceiver.exe /includeSSON STORE0=(store name);https://(StoreFront server
DNS name)/citrix/(store name)/discovery
2.
To add up to 10 StoreFront stores, additional STORE1 through STORE9 entries can be
added to the command line if desired.
3.
When completed, check to see that pass-through authentication was successfully
enabled by starting Citrix Receiver and confirming that the ssonsvr.exe process is also running.
2.
If necessary, add the ICA Client GPO Administrative Template to the Local Computer Policy on
the users local machine and/or in the VDA desktop gold image:
1.
Open gpedit.msc.
2.
Right click on Computer Configuration > Administrative Templates and select
Add/Remote Templates.
3.
Add the c:\Program Files\Citrix\ICA Client\Configuration\icaclient.adm template.
3.
Enable the following Local Computer GPO (Computer Configuration > Administrative
Templates > Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver >
User authentication) on the users local machine and/or in the VDA desktop gold image (pic below).
1.
Choose the Local user name password setting.
2.
Select Enabled.
3.
Select Enable pass-through authentication.
4.
Select Allow pass-through authentication for all ICA connections.
5.
Click Ok.
6.
Reboot the VDA Desktop gold image.
7.
4.
5.
6.
7.
8.
NOTE: In this example, the above Receiver installation, application of computer policy and configuration
of a trusted site on the client OS are all done manually. All of these steps can be automated through
Active Directory group policy to make things easier. This automation process is outlined here:
http://support.citrix.com/article/CTX134280.
The Receiver 3.4 Command Line reference can be found here:
http://support.citrix.com/proddocs/topic/receiver-windows-34/receiver-windows-cfg-command-line.html
The Receiver 4.1 Command Line reference can be found here:
http://support.citrix.com/proddocs/topic/receiver-windows-40/receiver-windows-cfg-command-line-40.html
NOTE: The Receiver 3.4 Command Line reference is different from the Receiver for Enterprise 3.4
Command Line Reference. This article does not apply to the Receiver for Enterprise client.