Solved

Citrix single sign on / pass-thru authentication prompts for credentials

Posted on 2008-10-15
3
7,462 Views
Last Modified: 2008-10-21
I have a Windows XP SP2 client trying to connect to a published app on a Windows 2003 server running Citrix Metaframe XPe using the local user name and password with pass-thru authentication.  PASS-THRU AUTHENTICATION WORKS ON EVERY SINGLE COMPUTER EXCEPT THIS ONE.  I've checked the following:

* Ensured that ICA Settings/General tab, "Pass-Through Authentication" and "Use local credentials to log on" are both checked.

* Ensured that Properties/Logon Information tab, "local user" radio button is selected and that "Pass-through Authentication" is checked.

* Confirmed that there are no local policies blocking this feature.  Changed local policy object Local Computer Policy / Computer Configuration / Administrative Templates / Citrix Components / Presentation Server Client / User Authentication / Local user name and password from "Not Configured" to "Enabled" to lock in pass-through authentication, denying the user the ability to change this to user-specified credentials.

* In separate tests, added the following lines to the C:\Documents and Settings\%username%\Application Data\ICAClient\appsvr.ini file.

EnableSSOnThruCAFile=On  to the WFClient portion of appsrv.ini.    
SSOnUserSetting=On was already in there.

0
Comment
Question by:zaphod_beeblerox
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Assisted Solution

by:Ron9909
Ron9909 earned 100 total points
ID: 22733965
Could you check the properties of the ICA connection through the Citrix Connection Configuration utility and make sure that the 'prompt for password' check box is cleared?  Inherit user config should be checked there also.

I know you said you've checked the policy, but can you also check under:
Computer Config > Administrative Templates > Windows Components > Terminal Services > Encryption and Security as there is a further option here for prompt user on connection.
0
 

Accepted Solution

by:
zaphod_beeblerox earned 0 total points
ID: 22736653
Thank you Ron9909, but that setting is already set to Not Configured.
Upon further investigation, I found that ssonsvr.exe was not running and was not starting.  

I eventually found that the Intel wireless software was causing the problem. I fixed it by changing the order of the items in the following registry keys:

HKLM\System\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
and
HKLM\System\CurrentControlSet\Control\NetworkProvider\HWOrder\ProviderOrder

The setting had been:

RDPNP,LanmanWorkstation,WebClient,IntelNetProvCredMan,PnSson

and I changed it to:

RDPNP,LanmanWorkstation,WebClient,PnSson,IntelNetProvCredMan

After logging off and logging back on, ssonsvr.exe started successfully, and pass-thru worked!

It appears that you can also change the Provider Order by going into Network Connections. Select Advanced...Advanced settings, then Provider Order tab and move Citrix single sign on higher up.
0
 
LVL 1

Expert Comment

by:jcneil4
ID: 25026598
Thank you zaphod_beeblerox!!!  This has been plaguing me for a long time and i couldnt figure it out!  This worked like a charm ;-)
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question