When using the Citrix Receiver in combination with the Citrix Web Interface and Pass-through authentication, in some scenarios the following screen pops-up and Pass-through is not functioning correctly:
To get Pass-through working correctly, the following settings must be set.
This can be done using a Group Policy Object, or locally using the Local Computer Policy.
In this example I am going to use the Local Computer Policy.
Install the Citrix Receiver Enterprise using the command line: | CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL=”ReceiverInside,ICA_Client,AM,SELFSERVICE, SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d” SERVER_LOCATION= https://server/Citrix/PNagent/config.xml ENABLE_SSON=”YES” |
Open GPedit.mscExpand Computer Configuration, Administrative Templates |
|
Right-click on Administrative TemplatesSelect Add/Remove Templates… |
|
Click on Add |
|
Open C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm | ![]() |
Click on Close |
|
Expand Computer Configuration, Administrative Templates, Classic Administrative Templates, Citrix Components, Citrix Receiver |
|
Expand User Authentication | ![]() |
Open Kerberos authentication |
|
Change the following values: Check Enabled Click Ok |
![]() |
Open Local User name and password |
|
Change the following values:Check Enabled Check Enable pass-through authentication Check Allow pass-through authentication Click Ok |
![]() |
Open Web Interface authentication ticket |
|
Change the following values: Check Enabled Check Legacy ticket handling Check Web Interface 4.5 and above Click Ok |
![]() |
If you use a Smart card for pass-through authentication, open Smart card authentication
Check Enabled Check Allow smart card authentication Check Use pass-through authentication for PIN Click Ok |
![]() |
The next step is to set the Web Interface as trusted site | |
In GPedit.msc expandWindows Components/Internet Explorer/Internet Control Panel/Security Page |
|
Open Site to Zone Assignment List
Check Enabled Click Show Under Value Name add the address of the web interface siteUnder Value add the value 2 Value 2 represents the Local Intranet zone, this zone has the correct privileges for pass-through authentication. Click Ok Click Ok |
![]() |
The next step is to check if Pass-through is enabled on the XenApp web site. | |
Open the Citrix Web Interface Management Console Click XenApp Web Sites Click Authentication Methods Make sure that Pass-through is selected. |
![]() ![]() |
Now you can test the pass-through functionality by opening the Web Interface website. |
Can’t get the solution to work? Contact me and let me do the trick.
No responses yet