We have a XenApp 6.5 (RP5) Farm running on Win Server 2008 R2 hosts. These are running Published Desktops & Apps.
The hosts running the published desktops have the receiver installed so users can launch their role specific apps from inside their published desktop.
Once a users published desktop has logged on, the receiver starts & uses pass through authentication so all of the users shortcut apps appear. This is managed via the Citrix ICAClient ADM template which has been add into Group Policy in AD. The GPO is applied to the OU that has the XenApp hosts in it.
Recently I upgraded the receiver version on the published desktop hosts from 4.1 to 4.2. (uninstalled v4.1 using the receiver cleanup tool & installed 4.2 with the /includeSSON tag).
Coincidently I also replaced our Storefront 2.5 (Svr 2008 R2) host with a new Storefront 2.6 (Svr 2012 R2) host.
I am unsure which was the cause, but since the upgrades, the pass through authentication has broken.
I tried creating another GPO with the ADM template that is installed locally when installing receiver 4.2 & recreating the Pass through settings. Unfortunately no luck.
The only way I can achieve pass through authentication is to set it on the Storefront. However we don't want it set there. It needs to be achieved through the GPO.