Adam.birds: Created page with "'''To enable and set-up Pass Through Authentication in Citrix XenDesktop 7.8 complete the following:''' ==Delivery Controller Settings== Run the following on a delivery contr..."

2016-04-28T10:31:33Z

Created page with "'''To enable and set-up Pass Through Authentication in Citrix XenDesktop 7.8 complete the following:''' ==Delivery Controller Settings== Run the following on a delivery contr..."

New page

'''To enable and set-up Pass Through Authentication in Citrix XenDesktop 7.8 complete the following:'''

==Delivery Controller Settings==
Run the following on a delivery controller from a Windows Powershell Prompt as an Administrator:

<pre>
asnp Citrix*
Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True
</pre>

==Citrix Receiver Settings==

When installing Receiver on a VDI ensure you click the '''Enable Single Sign-On''' check box as below:

[[File:ReceiverSSO.png]]

To verify that SSON is installed, go to '''C:\Program Files (x86)\Citrix\ICA Client''' and look for the file '''ssonsvr.exe'''.

[[File:SSONSVRexe.png]]

And if you open regedit and go to '''HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order''', you should see '''PnSson''' in the '''ProviderOrder'''.

[[File:RegeditPnSson.png]]

Install the '''receiver.admx''' (and '''.adml''') template into '''PolicyDefinitions''' if you haven’t already by following this [[Citrix Install Receiver ADMX Templates|guide]].

Edit a GPO that is applied to the client PCs where the Citrix Receiver is installed.

Go to '''Computer Configuration''' > '''Policies''' > '''Administrative Templates''' > '''Citrix Components''' > '''Citrix Receiver.'''

Expand '''Citrix Receiver''' and click '''User authentication.'''

On the right, double-click '''Local user name and password.'''

[[File:GPOCitrixReceiver.png]]

Select '''Enabled''' and then check the box next to '''Allow pass-through authentication for all ICA connections.''' Click '''OK.'''

[[File:GPOCitrixReceiverEdit.png]]

Ensure that the internal StoreFront FQDN is in the Local Intranet Zone in Internet Explorer as below.

[[File:TrustedSite.png]]

Local Intranet zone should have '''Automatic Logon only in Intranet Zone''' enabled.

[[File:IntranetZone.png]]

You can use a '''GPO''' to configure this on the client side There is a group policy setting at '''User Configuration''' > '''Policies''' > '''Administrative Templates''' > '''Windows Components''' > '''Internet Explorer''' > '''Internet Control Panel''' > '''Security Page''' > '''Site to Zone Assignment List''' that can be used to put Internet sites in Internet Explorer security zones.

To set these you need to navigate to '''User Configuration''' > '''Policies''' > '''Administrative Templates''' > '''Windows Components''' > '''Internet Explorer''' > '''Internet Control Panel''' > '''Security Page''' > '''Site to Zone Assignment List''' and double-click it. Then click '''enabled.'''

[[File:SiteToZoneAssignmentList.png]]

You then need to click '''Show''' and then enter the '''StoreFront FQDN''' on the '''left''' and then enter the number '''2''' on the '''right''' side.

[[File:SiteToZoneAssignmentListEdit.png]]

If the '''Storefront URL''' is using '''HTTP''' then we will also need the following settings:

Click '''Start''' and enter '''regedit'''

Navigate to '''HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\'''

[[File:ReceiverRegedit.png]]

Navigate to '''Dazzle''' and set the '''AllowAddStore''' value to '''A''' to allow users to add '''non-secure stores.'''

[[File:AllowAddStore.png]]

Also set the '''AllowSavePwd''' value to '''A''' to allow users to '''save their passwords for non-secure stores.'''

[[File:AllowSavePwd.png]]

Then navigate to '''AuthManager''' and add the following value to allow you to add a store that is configured in StoreFront with a '''TransportType''' of '''HTTP:'''

<pre>
Name: ConnectionSecurityMode
Value Type: REG_SZ
Value: Any
</pre>

[[File:ConnectionSecurityMode.png]]

Exit and restart Receiver.

'''These can again be applied by a GPO.'''

This completes the setting required for Citrix Receiver.

==Storefront Settings==

'''We need to enable domain pass-though authentication for the store by doing the following:'''

Click '''Manage Authentication Methods.'''

[[File:StorefrontPassThru.png]]

We then need to tick both '''Username and Password''' and '''Domain Pass-Through''' and then click '''Ok.'''

[[File:DomainPassThru.png]]

==Studio Settings==

Navigate to '''Storefront''' within studio.

[[File:StudioNavigation.png]]

Click '''Add Storefront Server'''

[[File:AddStorefrontServer.png]]

Add the requested settings in. The important setting is the '''URL''' which should be entered in the following format:

<pre>
http://example.com/Citrix/Store/discovery
</pre>

[[File:StorefrontDetails.png]]

[[Category:Citrix]]
[[Category:Group Policy]]
[[Category:Windows]]
[[Category:Contents]]

Citrix Pass Through Authentication - Revision history

Adam.birds: Created page with "'''To enable and set-up Pass Through Authentication in Citrix XenDesktop 7.8 complete the following:''' ==Delivery Controller Settings== Run the following on a delivery contr..."