Pass-through authentication to StoreFront does not work when starting XenApp published desktops.

When users log on to the client workstation with Windows Active Directory (AD) credentials, the Receiver starts and successfully passes the user credentials to the configured Store and displays available applications and desktops. If an application is started, user credentials are also passed to the XenApp server. If a published desktop is started, Desktop Viewer is automatically invoked and users see a Windows prompt from the server to authenticate.

Steps to Reproduce

To reproduce the issue, complete the following steps:

1. Add XenApp 6.5 in StoreFront.

2. Enable Pass-through in StoreFront.

3. Install Citrix Receiver (Not Enterprise) on Windows7 Client machine with /includeSSON option.

4. Enable user authentication pass-through in group policy on the client.

5. When starting a published desktop (through Self-service plugin), Desktop Viewer is started and the user is prompted for their credentials.

To resolve the issue enable the setting “Allow pass-through authentication for all ICA connections” to allow pass-through authentication for Desktop Viewer connections (although not necessary for non-Desktop Viewer connections).

Without “Allow pass-through authentication for all ICA connections” setting, pass-through works for seamless applications, but not with Desktop Viewer.