Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7474
  • Last Modified:

Citrix single sign on / pass-thru authentication prompts for credentials

I have a Windows XP SP2 client trying to connect to a published app on a Windows 2003 server running Citrix Metaframe XPe using the local user name and password with pass-thru authentication.  PASS-THRU AUTHENTICATION WORKS ON EVERY SINGLE COMPUTER EXCEPT THIS ONE.  I've checked the following:

* Ensured that ICA Settings/General tab, "Pass-Through Authentication" and "Use local credentials to log on" are both checked.

* Ensured that Properties/Logon Information tab, "local user" radio button is selected and that "Pass-through Authentication" is checked.

* Confirmed that there are no local policies blocking this feature.  Changed local policy object Local Computer Policy / Computer Configuration / Administrative Templates / Citrix Components / Presentation Server Client / User Authentication / Local user name and password from "Not Configured" to "Enabled" to lock in pass-through authentication, denying the user the ability to change this to user-specified credentials.

* In separate tests, added the following lines to the C:\Documents and Settings\%username%\Application Data\ICAClient\appsvr.ini file.

EnableSSOnThruCAFile=On  to the WFClient portion of appsrv.ini.    
SSOnUserSetting=On was already in there.

0
zaphod_beeblerox
Asked:
zaphod_beeblerox
2 Solutions
 
Ron9909Commented:
Could you check the properties of the ICA connection through the Citrix Connection Configuration utility and make sure that the 'prompt for password' check box is cleared?  Inherit user config should be checked there also.

I know you said you've checked the policy, but can you also check under:
Computer Config > Administrative Templates > Windows Components > Terminal Services > Encryption and Security as there is a further option here for prompt user on connection.
0
 
zaphod_beebleroxAuthor Commented:
Thank you Ron9909, but that setting is already set to Not Configured.
Upon further investigation, I found that ssonsvr.exe was not running and was not starting.  

I eventually found that the Intel wireless software was causing the problem. I fixed it by changing the order of the items in the following registry keys:

HKLM\System\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
and
HKLM\System\CurrentControlSet\Control\NetworkProvider\HWOrder\ProviderOrder

The setting had been:

RDPNP,LanmanWorkstation,WebClient,IntelNetProvCredMan,PnSson

and I changed it to:

RDPNP,LanmanWorkstation,WebClient,PnSson,IntelNetProvCredMan

After logging off and logging back on, ssonsvr.exe started successfully, and pass-thru worked!

It appears that you can also change the Provider Order by going into Network Connections. Select Advanced...Advanced settings, then Provider Order tab and move Citrix single sign on higher up.
0
 
jcneil4Commented:
Thank you zaphod_beeblerox!!!  This has been plaguing me for a long time and i couldnt figure it out!  This worked like a charm ;-)
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now