Unable to set up SSON with Citrix Receiver

I am trying to set up Single Sign on for an HP THin Client.

Following the document at the link below, I have downloaded the latest Citrix Receiver for Windows (4.2) to a folder on the c drive called citrix.

I then run an elevated command prompt and change the directory to c:\citrix

I then run the following command:    CitrixReceiver.exe /INCLUDESSON

Nothing happens...
The cursor drops just down to another line of c:\citrix in the command window, but nothing installs...

I am logged into the the Thin Client as the Administrator.

Help! What am I doing wrong?

http://support.citrix.com/article/CTX133982
snyperjAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dirk KotteSECommented:
the installation should run.
try to start the installation without parameters. abort if the first message is visible.
works?  if not, redownload the file.
try to use correct upper and lower characrers within the setup command.
" /includeSSON. "
0
snyperjAuthor Commented:
Tried it, it just wont fire.  It wont even fire without the  /includeSSON parameter.

I have downloaded and re-downloaded the 4.2 CitrixReceiver file from citrix.com a couple of times.

If I use and older CitrixReceiverEnterprise.exe file (v3.4), it will run... but I was under the impression from the updated document listed above on the Citrix site, that I could configure SSO with the newest receiver 4.2- but I am starting to think that is not true?
0
Dirk KotteSECommented:
within Receiver 4.2 some SSO installation parameters should be enabled by default.
try to uninstall all old receivers and install the client directly from the citrix website (i use this way successfully this week).

Then you need the GPO (or corresponding registry settings) at the client.
Also you have to add the citrix webInterface/storefront/gateway url#s to the "local intranet" pages within IE.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

snyperjAuthor Commented:
Ok, so I finally got it to install with the /includeSSON.   I also went into local group policy and changed all the settings listed in steps 7-12 on the below:

http://support.citrix.com/article/CTX133982 

I entered the server URL into receiver, committed the changes to the the Thin client, restarted the Thin Client... no SSO login box appears when I login...

getting closer, but still not there
0
Dirk KotteSECommented:
really working sso has no login-box.
SSo means you login to your windows-workstation (must be a domain member) and the windows logon credentials are passed to the receiver. if this works you see the username at the top of receiver.
Questions:
- your thinclient is domain-member?
- you configure the store within the receiver?

if your thinclient is not a domain-member you need username/password authentication enabled within storefront/webinterface.
please describe the behaviour a little bit more.
0
snyperjAuthor Commented:
Yes- I knew after I posted that ,,,that it was a little misleading.  

The Thin client is part of the domain, however I was logging in as the local Administrator, knowing that the local administrator would not authenticate and thereby causing the Citix login box would to come up because SSO would not work. So I am using that as kind of a backdoor way to see if SSO is trying to fire off.... by not getting the login box when using the local administrator account  I know that it is NOT working.  

I get that login screen on all of our Thin Clients with the 3.4 receiver installed when I login as the local Administrator.

I am clear that this is not SSO...on the 3.4 receiver clients, when a domain user logs in, the citrix apps load to the start menu...  If I login as a domain user on the 4.2 receivier clients- no apps come down.
0
Dirk KotteSECommented:
have you enabled SSO-logon at WI / Storefront server only?
possible you have to allow username/password logon method also.

i knew with 3.4 this was not necessary, but i see this more as a bug than a feature.
possible 4.2 need this setting to present you the logon-box.
0
snyperjAuthor Commented:
I am not sure how to do what you are suggesting...I am sure I have access, but not sure what you mean by

have you enabled SSO-logon at WI / Storefront server only?
 possible you have to allow username/password logon method also.

Can you give me more info please, I REALLY would like to get this working with the 4.2 receiver as this has a major impact on us going forward if I cannot get it working.  

Thanks
0
Dirk KotteSECommented:
do you use webinterface or storefront?
0
snyperjAuthor Commented:
I would guess we use the webinterface, but I am not sure exactly what the difference is?  (storefront?)

We have a XenApp 6.5 farm of 9 servers.  Our laptop users login by way of their web browser with Citrix Receiver 4.2 installed on the laptop.

Our Thin Client users pull the apps directly down to the start menu.  They have been using Citrix Receiver 3.4 but we would like to see it it can be updated to 4.2, so that all users are using 4.2 (or the latest receiver) as we move forward.
0
Dirk KotteSECommented:
webinterface is the point the pnagent/receiver pulls the configuration.
storefront is the successor.
within booth solutions you can configure the possible logon variants.

tomorrow i will try something with the logon options ...
0
snyperjAuthor Commented:
OK, I appreciate your help!
0
snyperjAuthor Commented:
dkotte, anxious to know if you have other suggestions to try?  Thanks.
0
Dirk KotteSECommented:
it works at my installation. i am unable to create a configuration where the authentication dialogue don't occur.

i would suggest to check the authentication settings within webinterface configuration tool.
goto service-site, select correct site (if there are more than one) and check the authentication settings.
There are checkboxes for "explicit" (username/password), "pass-through" and some other.
check "explicit".
0
snyperjAuthor Commented:
I am not familiar with what you mean by webinterface configuration tool?

Is that the same as AppCenter?
0
snyperjAuthor Commented:
I think I found it, but the webinterface does not seem to be configured because I think I should see access to it below , correct?  I don't know, I am confused.  Everything worked great with Receiver 3.4, just cant get it to work with 4.2 and not sure why anything has to be reconfigured just because we updated the receiver software.  So frustrated with Citrix.
xenapp.JPG
0
Dirk KotteSECommented:
check the settings at your thinclient.
there you have a url from where the client gets the configuration.
at this server you have run webinterface or storefront.
0
snyperjAuthor Commented:
The url we enter in receiver is below, (I have replaced our actual domain with 'mydomain')... is this what you mean?

http://citrixterminal.mydomain.com/Citrix/PNAgent/config.xml

I am confused though what I actually need to do or look for on citrixterminal...?
0
Dirk KotteSECommented:
check at "citrixterminal" for a "webinterface configuration tool" or "StoreFront"
Within this configuration tool check the authentication settings.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
snyperjAuthor Commented:
our citrix reseller told us Citrix abandoned SSO after 3.4, which explains why I cant get it to work.  Disappointing, but thanks anyway.
0
Dirk KotteSECommented:
the reseller statement is not fully correct i think ...
I use receiver 4.2 with SSO and explicit (username/password) authentication from netscaler gateway.

See the install parameters, there are the SSO options.  
http://support.citrix.com/proddocs/topic/receiver-windows-42/receiver-windows-cfg-command-line-42.html#receiver-windows-cfg-command-line-42
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.