Unable to set up SSON with Citrix Receiver

I am trying to set up Single Sign on for an HP THin Client.

Following the document at the link below, I have downloaded the latest Citrix Receiver for Windows (4.2) to a folder on the c drive called citrix.

I then run an elevated command prompt and change the directory to c:\citrix

I then run the following command:    CitrixReceiver.exe /INCLUDESSON

Nothing happens...
The cursor drops just down to another line of c:\citrix in the command window, but nothing installs...

I am logged into the the Thin Client as the Administrator.

Help! What am I doing wrong?

http://support.citrix.com/article/CTX133982
snyperjAsked:
Who is Participating?
 
Dirk KotteSECommented:
check at "citrixterminal" for a "webinterface configuration tool" or "StoreFront"
Within this configuration tool check the authentication settings.
0
 
Dirk KotteSECommented:
the installation should run.
try to start the installation without parameters. abort if the first message is visible.
works?  if not, redownload the file.
try to use correct upper and lower characrers within the setup command.
" /includeSSON. "
0
 
snyperjAuthor Commented:
Tried it, it just wont fire.  It wont even fire without the  /includeSSON parameter.

I have downloaded and re-downloaded the 4.2 CitrixReceiver file from citrix.com a couple of times.

If I use and older CitrixReceiverEnterprise.exe file (v3.4), it will run... but I was under the impression from the updated document listed above on the Citrix site, that I could configure SSO with the newest receiver 4.2- but I am starting to think that is not true?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Dirk KotteSECommented:
within Receiver 4.2 some SSO installation parameters should be enabled by default.
try to uninstall all old receivers and install the client directly from the citrix website (i use this way successfully this week).

Then you need the GPO (or corresponding registry settings) at the client.
Also you have to add the citrix webInterface/storefront/gateway url#s to the "local intranet" pages within IE.
0
 
snyperjAuthor Commented:
Ok, so I finally got it to install with the /includeSSON.   I also went into local group policy and changed all the settings listed in steps 7-12 on the below:

http://support.citrix.com/article/CTX133982 

I entered the server URL into receiver, committed the changes to the the Thin client, restarted the Thin Client... no SSO login box appears when I login...

getting closer, but still not there
0
 
Dirk KotteSECommented:
really working sso has no login-box.
SSo means you login to your windows-workstation (must be a domain member) and the windows logon credentials are passed to the receiver. if this works you see the username at the top of receiver.
Questions:
- your thinclient is domain-member?
- you configure the store within the receiver?

if your thinclient is not a domain-member you need username/password authentication enabled within storefront/webinterface.
please describe the behaviour a little bit more.
0
 
snyperjAuthor Commented:
Yes- I knew after I posted that ,,,that it was a little misleading.  

The Thin client is part of the domain, however I was logging in as the local Administrator, knowing that the local administrator would not authenticate and thereby causing the Citix login box would to come up because SSO would not work. So I am using that as kind of a backdoor way to see if SSO is trying to fire off.... by not getting the login box when using the local administrator account  I know that it is NOT working.  

I get that login screen on all of our Thin Clients with the 3.4 receiver installed when I login as the local Administrator.

I am clear that this is not SSO...on the 3.4 receiver clients, when a domain user logs in, the citrix apps load to the start menu...  If I login as a domain user on the 4.2 receivier clients- no apps come down.
0
 
Dirk KotteSECommented:
have you enabled SSO-logon at WI / Storefront server only?
possible you have to allow username/password logon method also.

i knew with 3.4 this was not necessary, but i see this more as a bug than a feature.
possible 4.2 need this setting to present you the logon-box.
0
 
snyperjAuthor Commented:
I am not sure how to do what you are suggesting...I am sure I have access, but not sure what you mean by

have you enabled SSO-logon at WI / Storefront server only?
 possible you have to allow username/password logon method also.

Can you give me more info please, I REALLY would like to get this working with the 4.2 receiver as this has a major impact on us going forward if I cannot get it working.  

Thanks
0
 
Dirk KotteSECommented:
do you use webinterface or storefront?
0
 
snyperjAuthor Commented:
I would guess we use the webinterface, but I am not sure exactly what the difference is?  (storefront?)

We have a XenApp 6.5 farm of 9 servers.  Our laptop users login by way of their web browser with Citrix Receiver 4.2 installed on the laptop.

Our Thin Client users pull the apps directly down to the start menu.  They have been using Citrix Receiver 3.4 but we would like to see it it can be updated to 4.2, so that all users are using 4.2 (or the latest receiver) as we move forward.
0
 
Dirk KotteSECommented:
webinterface is the point the pnagent/receiver pulls the configuration.
storefront is the successor.
within booth solutions you can configure the possible logon variants.

tomorrow i will try something with the logon options ...
0
 
snyperjAuthor Commented:
OK, I appreciate your help!
0
 
snyperjAuthor Commented:
dkotte, anxious to know if you have other suggestions to try?  Thanks.
0
 
Dirk KotteSECommented:
it works at my installation. i am unable to create a configuration where the authentication dialogue don't occur.

i would suggest to check the authentication settings within webinterface configuration tool.
goto service-site, select correct site (if there are more than one) and check the authentication settings.
There are checkboxes for "explicit" (username/password), "pass-through" and some other.
check "explicit".
0
 
snyperjAuthor Commented:
I am not familiar with what you mean by webinterface configuration tool?

Is that the same as AppCenter?
0
 
snyperjAuthor Commented:
I think I found it, but the webinterface does not seem to be configured because I think I should see access to it below , correct?  I don't know, I am confused.  Everything worked great with Receiver 3.4, just cant get it to work with 4.2 and not sure why anything has to be reconfigured just because we updated the receiver software.  So frustrated with Citrix.
xenapp.JPG
0
 
Dirk KotteSECommented:
check the settings at your thinclient.
there you have a url from where the client gets the configuration.
at this server you have run webinterface or storefront.
0
 
snyperjAuthor Commented:
The url we enter in receiver is below, (I have replaced our actual domain with 'mydomain')... is this what you mean?

http://citrixterminal.mydomain.com/Citrix/PNAgent/config.xml

I am confused though what I actually need to do or look for on citrixterminal...?
0
 
snyperjAuthor Commented:
our citrix reseller told us Citrix abandoned SSO after 3.4, which explains why I cant get it to work.  Disappointing, but thanks anyway.
0
 
Dirk KotteSECommented:
the reseller statement is not fully correct i think ...
I use receiver 4.2 with SSO and explicit (username/password) authentication from netscaler gateway.

See the install parameters, there are the SSO options.  
http://support.citrix.com/proddocs/topic/receiver-windows-42/receiver-windows-cfg-command-line-42.html#receiver-windows-cfg-command-line-42
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.