When using the Citrix Receiver in combination with the Citrix Web Interface and Pass-through authentication, in some scenarios the following screen pops-up and Pass-through is not functioning correctly:
To get Pass-through working correctly, the following settings must be set.
This can be done using a Group Policy Object, or locally using the Local Computer Policy.
In this example I am going to use the Local Computer Policy.
| Install the Citrix Receiver Enterprise using the command line: | CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL=”ReceiverInside,ICA_Client,AM,SELFSERVICE, SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d” SERVER_LOCATION= https://server/Citrix/PNagent/config.xml ENABLE_SSON=”YES” |
| Open GPedit.mscExpand Computer Configuration, Administrative Templates |
|
| Right-click on Administrative TemplatesSelect Add/Remove Templates… |
|
| Click on Add |
|
| Open C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm |  |
| Click on Close |
|
| Expand Computer Configuration, Administrative Templates, Classic Administrative Templates, Citrix Components, Citrix Receiver |
|
| Expand User Authentication |  |
| Open Kerberos authentication |
|
| Change the following values: Check Enabled Click Ok |
 |
| Open Local User name and password |
|
| Change the following values:Check Enabled Check Enable pass-through authentication Check Allow pass-through authentication Click Ok |
 |
| Open Web Interface authentication ticket |
|
| Change the following values: Check Enabled Check Legacy ticket handling Check Web Interface 4.5 and above Click Ok |
 |
| If you use a Smart card for pass-through authentication, open Smart card authentication
Check Enabled Check Allow smart card authentication Check Use pass-through authentication for PIN Click Ok |
 |
| The next step is to set the Web Interface as trusted site | |
| In GPedit.msc expandWindows Components/Internet Explorer/Internet Control Panel/Security Page |
|
| Open Site to Zone Assignment List
Check Enabled Click Show Under Value Name add the address of the web interface siteUnder Value add the value 2 Value 2 represents the Local Intranet zone, this zone has the correct privileges for pass-through authentication. Click Ok Click Ok |
 |
| The next step is to check if Pass-through is enabled on the XenApp web site. | |
| Open the Citrix Web Interface Management Console Click XenApp Web Sites Click Authentication Methods Make sure that Pass-through is selected. |
  |
| Now you can test the pass-through functionality by opening the Web Interface website. |
Can’t get the solution to work? Contact me and let me do the trick.
No responses yet