This is just a quick post while i remember what ive done to solve the problem, i’ve spent quite amount of time troubleshooting this issue
and if i get the time, i will update it later on.
In my previous post, i talked about running the ica client in the userlogon script, making it possible to open files from explorer with a streamed application.
in this case, it would be nice to use Pass-Though Authentication so the user dont get prompted twice for logon credentials.
so i started playing around with it – actually spent way to many hours on something that should be pretty straight forward.
one of the first things one should do, is to reinstall the ica client as admin with the correct options like
CitrixOnlinePluginFull.exe /silent SERVER_LOCATION=”http://10.20.30.40:81″ ADDLOCAL=”ICA_Client,PN_Agent,SSON” ENABLE_SSON=”Yes”
so heres a short list of stuff to check (feel free to comment if theres more)
- Add the ica client adminstrative template for the domain and enabled pass-though & Local username password
- Checked the reg key for NetworkProvider/Order (Citrix single-SignOn needs to be in top)
- Checked that pass-though was enabled and set to default on the XenWeb servers under PNAgent service site/Config.xml
- Check that SSOnUserSetting=On in “UserProfiles\userxxx\AppData\Roaming\ICAClient\APPSRV.ini” and not Off
In my case none of the above worked, and a few days after i found this article. with a hotfix that should solve the problem
Pass-through authentication is not available when accessing a published application from within a published desktop on XenApp 5.0 servers. The user is required to provide valid credentials to launch a session within the desktop session even when pass-through authentication is enabled in the XenApp Plugin.
Another possible workaround is to enable GPO – Computer Configuration\Administrative Templates\System\Credentials Delegation
“Allow Delegating Default Credentials” – set it to Enable, leave “Concatenate OS defaults with input above” checked, and click “Show…”