--= Environment =--
- One server, MPS 4.0 on W2k3
- Connecting via web interface (separate WI server) or PNa (pna site local on server/joined to same domain as clients)
- Clients Deployed: PNa 9.150, Web 9.150, Java client (mac)
--= Situation =--
Clients are connecting to Citrix using various clients. User login scripts are via AD user profile (not GPO). The login script runs fine when clients log in to their local PCs, or when they connect to Citrix via the web interface (local client or java). However, when the clients connect via the Program Neighborhood Agent, no login script runs. This is true for ALL users connecting via PNA. We are using pass-through authentication.
Users can navigate to the NETLOGON share and launch the script manually and the network drives appear. However it will never launch automatically.
I have tried with various batch files to test (using the PAUSE command to see if I get the DOS command window), but we use ScriptLogic in production. ScriptLogic is configured to create a trace file/log, so I am able to obtain this file once I launch the script manually.
The trace file tells me that my "User's Privilege (domain) = Guest". The same user logging in using the web interface generates the trace file automatically when the script runs (as it should), and the same line reads "User's Privilege (domain) = User". Obviously the issue has something to do with PNa/pass-through because that is the only difference I can see between WI/PNa.
I spoke with ScriptLogic and they said this was the reason why the script was not running. But admittedly, since I can't even get a batch file to run, it is not their product causing the issue.
So my question is this: why would my login script not run for a user via PNa, but run fine via the web interface? Do these two methods have different security implications that would cause me to be seen as a domain guest upon login to Citrix?