Citrix - Login Script Not Running via Program Neighborhood Agent... Works great when logging in via Citrix Web Interface

Posted on 2006-06-07
Last Modified: 2008-01-09

--= Environment =--
- One server, MPS 4.0 on W2k3
- Connecting via web interface (separate WI server) or PNa (pna site local on server/joined to same domain as clients)
- Clients Deployed: PNa 9.150, Web 9.150, Java client (mac)

--= Situation =--

Clients connecting to Citrix using various clients.  User login scripts are via AD user profile (not GPO).  Login script runs fine when clients login to their local PCs, or when they connect to Citrix via the web interface (local client or java).  However, when the clients connect via the Program Neighborhood Agent - no login script runs.  This is true for ALL users connecting via PNA.  We are using pass-through authentication.

Users can navigate to the NETLOGON share and launch the script manually and the network drives appear.  However it will never launch automatically.

I have tried with various batch files to test (using PAUSE command to see if I get the DOS command window) but we use ScriptLogic in production.  ScriptLogic is configured to run create a trace file/log, so I am able to obtain this file once I launch the script manually.

The trace file tells me that my "User's Privilege (domain) = Guest". The same user logging in using the web interface generates the trace file automatically when the script runs (as it should), and the same line reads "User's Privilege (domain) = User".  Obviously the issue has something to do with PNa/pass-through because that is the only difference I can see between WI/PNa.

I spoke with ScriptLogic and they said this was the reason why the script was not running.  But admittedly since I can't get even a batch file to run it is not their product causing the issue.

So my question is this - Why would my login script not run for a user via PNa, but run fine via the web interface? Do these two methods have different security implications that would cause me to be seen as a domain guest upon login to Citrix?
Question by:NYtechGuy
    LVL 4

    Expert Comment

    Have you tried logging on via RDP?  Do the login scripts run?

    If you turn passthough authenticatin on via Web Interface do the login scripts run?

    Honestly I see no reason why program neighborhood agent would cause this?  
    LVL 9

    Author Comment



    If I connect to the server using
    (1) RDP
    (2) Web Interface Login w/local or java client
    (3) Full Citrix ICA client the script runs and the scriptlogic trace file reports me as "user".  

    If I launch an app using the PNagent the script does not run, and the trace file sees me as a "guest".

    I see no reason either, but surmise the issue must be something around pass-through authentication because that is the only difference I can think of between a web interface login and a PNa connection.

    Thanks - Justin
    LVL 6

    Expert Comment

    We use pass-through here, and it works fine.  In the Management Console, can you check up on the apps to make sure that you've unchecked the "Allow Anonymous Connections" box?  
    LVL 9

    Author Comment



    Confirmed, the "allow anonymous.." box is unchecked for all apps.  

    The users are actually logging in as themselves, not as anon, because they are allowed to run Outlook as themselves.

    LVL 9

    Author Comment


    dmc -

    regarding your earlier question:  "If you turn passthough authenticatin on via Web Interface do the login scripts run?"

    - unfortunately this is not an option as the server is not part of the domain- which I believe is a requirement for pass-through auth.

    LVL 9

    Author Comment


    Update on testing:

    1. If I set the Program Neighborhood Agent website (which lives on the MPS server itself) to "Prompt" for credentials (instead of using pass-through) the user must manually enter their password into the PNa, but when they connect to Citrix, the domain login script DOES successfully run.

    2. Even if a domain admin connects using PNa with pass-through the login script does NOT run at all.

    Any ideas?


    LVL 9

    Accepted Solution


    Resolved on my own, please close question and refund points.


    Recreated a website in IIS, using default settings except for allowing scripts to run (which was allowed on other site).  I then created a new PNa site using the new IIS site.  The PNA site has the same settings, uses pass through, etc.

    Now when I connect my domain script runs fine.

    The issue must have been something to do with IIS passing the correct credentials through.


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, ( because one time I did this and I essentially had a bricked …
    #Citrix #POC #XenDesktop #vCenter #VMware #ESX
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now