I know what you’re thinking; “Come on Jason! Do we really need another article, whitepaper or guide on how to enable pass-through authentication?”. Well… yes we do. Here is why:
There are several resources out there on Citrix.com as well as other third-party sites on this topic. However it seems like none of them spell out clearly exactly what needs to be done, especially with XenDesktop 7.5 relying so heavily on PowerShell for advanced configuration. Every time I try to enable this feature for one of my customer I run into problems. So, I created this quick step-by-step guide on how to successfully enable pass-through authentication for the full Citrix Receiver with XenDesktop or XenApp, making your customers (and their users) very happy. Especially when their applications then “magically” appear in their Receiver client window and/or in their Windows Start Menu.
- Install Citrix Receiver 3.4 or higher with the /includeSSON switch. Optionally, the STORE= command switch can be included as well (to avoid the user from having to enter the store name). In my opinion, Receiver 3.4 should be the minimum version used because of some bug fixes included in 3.4 specific to pass-through authentication scenarios. I prefer using Receiver 4.1 if given the choice.
- CitrixReceiver.exe /includeSSON STORE0=(store name);https://(StoreFront server DNS name)/citrix/(store name)/discovery
- To add up to 10 StoreFront stores, additional STORE1 through STORE9 entries can be added to the command line if desired.
- When completed, check to see that pass-through authentication was successfully enabled by starting Citrix Receiver and confirming that the ssonsvr.exe process is also running.
- Open gpedit.msc.
- Right click on Computer Configuration > Administrative Templates and select Add/Remote Templates.
- Add the c:\Program Files\Citrix\ICA Client\Configuration\icaclient.adm template.
- Choose the Local user name password setting.
- Select Enabled.
- Select Enable pass-through authentication.
- Select Allow pass-through authentication for all ICA connections.
- Click Ok.
- Reboot the VDA Desktop gold image.
- This process is outlined here: http://support.citrix.com/article/CTX133982
- If not already loaded, load the Citrix cmdlets by typing asnp Citrix*. (do not forget to include the period). Press Enter.
- Then type Add-PSSnapin citrix.broker.admin.v2 and press Enter.
- Then type Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True and press Enter.
- Close PowerShell.
NOTE: In this example, the above Receiver installation, application of computer policy and configuration of a trusted site on the client OS are all done manually. All of these steps can be automated through Active Directory group policy to make things easier. This automation process is outlined here: http://support.citrix.com/article/CTX134280.
The Receiver 3.4 Command Line reference can be found here:
The Receiver 4.1 Command Line reference can be found here:
NOTE: The Receiver 3.4 Command Line reference is different from the Receiver for Enterprise 3.4 Command Line Reference. This article does not apply to the Receiver for Enterprise client.