Single Sign On (SSON) (Pass-through authentication) fails intermittently when logging on to a published desktop. After logging on to the published desktop, the user is forced to re-authenticate with the Program Neighborhood Agent. If case logon scripts are disabled, SSON does not fail.

By default, Window Server 2008 processes user Group Policy settings synchronously. Synchronous Group Policy processing might significantly decrease logon performance. To increase the logon performances, enable asynchronous Group Policy processing and apply to the affected server.

This can be found in the Group Policy Object Editor in Computer Configuration > Administrative Templates > System > Group Policy.

Set the option "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" to enabled.

Problem Cause

If you log on to network shares in another domain, overall logon time is increased. This interferes with the PnSSON function on the published desktop.

CTX133982 - How to Configure Citrix Receiver for Windows Pass-Through Authentication (SSON)
CTX368624 – Troubleshooting Citrix Pass Through Authentication