This article outlines workarounds and resolutions to specific Citrix pass-through authentication issues.
Refer to the following links for information on common pass-through authentication issues and inquiries:
Citrix Docs - Enabling Pass-Through Authentication
CTX133982 - How to Manually Install and Configure Citrix Receiver for Pass-Through Authentication
CTX129762 – Single Sign On (Pass-through Authentication) Fails Intermittently
CTX134280 – How to Deploy Citrix Receiver for Pass-Through Authentication Using Active Directory Group Policy
Refer to the following links for information on specific pass-through authentication issues:
Ensure that the issue is not specific to the client version. Attempt to upgrade or downgrade the client.
When creating an HTML file using either the Published Application Manager in MetaFrame 1.8 or Citrix Management Console in MetaFrame XP to embed an ICA connection, the local credentials cannot be passed from Single Sign-On to the session inside the web browser.
This is by design. Before launching a connection with the .ica file, wfica32.exe first checks two conditions: that wfcrun32.exe is present in the ICA client directory, and whether it is being called from a web browser. When it is called from a web browser, wfica32.exe launches the connection directly. Otherwise, wfcrun32.exe is launched and passes the parameters to establish the session. To use Single Sign-On, wfcrun32.exe must be the executable that launches the connection.
Other methods of using a web browser and Single Sign-On are available by using NFuse 1.7 or later and the desktop credential pass-through feature.
To reproduce the issue:
Using Published Application Manager or Citrix Management Console, create an HTML file and choose the embedded method.
Add the settings to the ICA file to enable Single Sign-On from an ICA file. See How to Enable Pass-Through Authentication Within an ICA File.
Open the HTML page either locally or from a web server. The Winlogon dialog box appears.
Open the ICA file; the credentials are automatically passed through.
If Presentation Server Client version 10.x or later is used, do NOT complete the following procedure. See CTX113004 – How to Configure Single Sign-on for Web Interface Using Version 10, 11, and 12x Plug-ins.
To enable pass-through authentication within an ICA file, complete the following procedure:
Note: The following steps assume that user-specific profiles are being used on the client workstations and that the workstations run Windows 9x/ME/2000/XP operating systems.
In the Appsrv.ini file of the user profile, add the following lines at the end of the [wfclient] section:
SSOnUserSetting=On
EnableSSOnThruICAFile=On
To use the .ica file, add the following line in the Application section (this is the section where all the settings like resolution or encryption are stored):
UseLocalUserAndPassword=On
Note: This change has to be made individually to the Appsrv.ini file for each user. Users must have the full Program Neighborhood Client installed and have Use Local Username and Password selected for logon in the ICA Settings menu.
Example:
[ApplicationServers]
notepad1=
UseLocalUserAndPassword=On (incorrect location)
[notepad1]
Address=notepad1
InitialProgram=#notepad1
ClientAudio=On
AudioBandwidthLimit=2
Compress=On
TWIMode=On
DesiredHRES=640
DesiredVRES=480
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
UseLocalUserAndPassword=On (correct location)
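The check below is an added example, not Citrix code: it audits an Appsrv.ini for the two [wfclient] keys from the procedure above and reports, per application in an .ica file, whether UseLocalUserAndPassword sits in the application's own section or was misplaced under [ApplicationServers]. The function names and the sample file contents are constructed for illustration.

```python
import configparser

SSO_KEY = "UseLocalUserAndPassword"
WFCLIENT_KEYS = ("SSOnUserSetting", "EnableSSOnThruICAFile")
# Constructed sample inputs for illustration (not from a real deployment).
SAMPLE_APPSRV = "[WFClient]\nSSOnUserSetting=On\n"
SAMPLE_ICA = """[ApplicationServers]
notepad1=
UseLocalUserAndPassword=On
calc1=
[notepad1]
Address=notepad1
InitialProgram=#notepad1
[calc1]
Address=calc1
UseLocalUserAndPassword=On
"""


def _parse(text):
    """Parse INI text into {section: {key: value}} with lowercased names."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return {name.lower(): dict(cp[name]) for name in cp.sections()}


def _is_on(section, key):
    return section.get(key.lower(), "").strip().lower() == "on"


def audit_appsrv(appsrv_text):
    """Return the [wfclient] keys from the procedure that are not set to On."""
    wfclient = _parse(appsrv_text).get("wfclient", {})
    return [k for k in WFCLIENT_KEYS if not _is_on(wfclient, k)]


def audit_ica(ica_text):
    """Report, per application, whether the setting sits in its own section."""
    sections = _parse(ica_text)
    app_list = sections.get("applicationservers", {})
    report = {}
    for app in app_list:
        if app == SSO_KEY.lower():
            continue  # not an application name; flagged below
        enabled = _is_on(sections.get(app, {}), SSO_KEY)
        report[app] = "pass-through enabled" if enabled else "pass-through not set"
    if SSO_KEY.lower() in app_list:
        report["[ApplicationServers]"] = "misplaced " + SSO_KEY
    return report
```

Calling audit_appsrv(SAMPLE_APPSRV) and audit_ica(SAMPLE_ICA) on the constructed samples shows a missing [wfclient] key and one application whose setting was placed in the wrong section.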
The store has a farm name similar to the A records in DNS, and this name pointed to a public IP address. To resolve this issue, change the farm name.
Refer to the Citrix Knowledge Center Highlights: App Virtualization & VDI (July Edition) for more information.