Advertisements

Web Interface 5.4 and XenApp 6.5 pass-through authentication

There is stuff about this all over the web.  After collecting a lot of data from various sources I figure I put it all together in a simple to follow set of instructions.

Problem: 

You configure pass-through authentication in Web Interface, but while it works through the login page, you find that you are promoted to enter credentials via the XenApp 6.5 server’s Windows 2008 R2 login screen when launching a published application.

I was able to test this with all Citrix Receivers (3.0, 3.1, 3.2)

  • Lets start with the WI settings and make sure you set you have one of your Authentication Methods to Pass-Through.  In my case, I also selected Explicit to allow users to authenticate as another account if needed.

  • Next simply install the Citrix Receiver 3.x and reboot
  • Once the system is back up, make sure the Citrix SSO service is running.

The hard part is done, unless your AD person is named Omar.

Now lets get that Citrix Client ADM imported so we can create a GPO to allow this.  In the example below I did this based on a computer policy.

  • From a computer that is installed with the Receiver client, open the Group Policy Object Editor. Click on Start > Run and enter gpedit.msc.
  • In the Group Policy Object Editor, right-click Administrative Templates.
  • Click Add/Remove Templates.
  • Browse to the C:\Program Files\Citrix\ICA Client\Configuration folder and add the icaclient.adm file.

  • Expand Computer Configuration > Administrative Templates > Citrix Components > Presentation Server Client > User Authentication.
  • On the right pane, select Local User name and password.
  • Right-click and enable the policy for pass-through authentication. This policy is applied to all users logging on to this workstation.
  • To apply GPO settings on a per-user basis, configure the settings under User Configuration. Expand User Configuration > Administrative Templates > Citrix Components.

  • Run GPupdate on the workstation to apply the policy immediately.  Since this is a Comp policy you may have to reboot.
  • Log off and log on again.
  • Check the Task Manager on the workstation to verify that the ssonsvr.exe process is running.
Advertisements