Pass through Authentication not working on Citrix Receiver 4.2 with Storefront 2.6

We have a XenApp 6.5 (RP5) Farm running on Win Server 2008 R2 hosts. These are running Published Desktops & Apps.

The hosts running the published desktops have the receiver installed so users can launch their role specific apps from inside their published desktop.

Once a users published desktop has logged on, the receiver starts & uses pass through authentication so all of the users shortcut apps appear. This is managed via the Citrix ICAClient ADM template which has been add into Group Policy in AD. The GPO is applied to the OU that has the XenApp hosts in it.

Recently I upgraded the receiver version on the published desktop hosts from 4.1 to 4.2. (uninstalled v4.1 using the receiver cleanup tool & installed 4.2 with the /includeSSON tag).

Coincidently I also replaced our Storefront 2.5 (Svr 2008 R2) host with a new Storefront 2.6 (Svr 2012 R2) host.

I am unsure which was the cause, but since the upgrades, the pass through authentication has broken.
I tried creating another GPO with the ADM template that is installed locally when installing receiver 4.2 & recreating the Pass through settings. Unfortunately no luck.

The only way I can achieve pass through authentication is to set it on the Storefront. However we don't want it set there. It needs to be achieved through the GPO.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sekar ChinnakannuStaff EngineerCommented:
Did you created new site and tested? also make sure with the steps
HowzattAuthor Commented:
Followed to the letter.
The ADM template is loaded and settings configured. Just none of the settings are being deployed to the user.
Dirk KotteSECommented:
"The only way I can achieve pass through authentication is to set it on the Storefront. However we don't want it set there. It needs to be achieved through the GPO."

i think it is necessary to add the pass through authentication method at storefront.
than you can enable/disable SSO at the client via GPO.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Chris BurnsCitrix ArchitectCommented:
Dkotte's right you have to have domain pass-through authentication enabled in StoreFront.  The GPO is just to configure the client to properly leverage pass-through authentication only.  You have to have both of them configured to work.

You can follow this guide:
HowzattAuthor Commented:
Understood. So if I enable it on the Storefront, will that mean only the clients which the GP has been deployed to it will work on?
Any clients that don't have the GP settings, (eg a users home PC), it will not try to use pass through?
Sekar ChinnakannuStaff EngineerCommented:
Yes Howzatt, you are correct.
Chris BurnsCitrix ArchitectCommented:
Yes, basically on StoreFront you're choosing which authentication methods are allowed for the store.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.