I’m sure there’s probably some documentation out there for setting up Citrix XenDesktop 5.5 virtual desktops with Citrix Receiver for pass-through authentication for XenApp 6.5 published applications but I sure couldn’t find a single documentation that had all of the information and since I’m bound to come across this again, I thought I’d document the steps I went through to get it working. Interestingly enough, I received mixed information about whether this would work or not even though I knew it was supposed to since this is Citrix’s best practice—set up your XenDesktop virtual desktops and stream what applications you could to the virtual desktop so you’re just updating the applications from your XenApp servers rather than the virtual desktop image itself. Anyways, I originally placed a call into Citrix when I kept getting prompted for credentials within my virtual desktop:
The support engineer told me this was expected behavior but I was almost certain it wasn’t and that it was a misconfiguration so I reached out to another presales engineer I work with from Citrix and he told me that it should work. So after fiddling around with the configuration, I finally got pass-through authentication to work and the following highlights the steps:
Step 1 – Set up your virtual desktop master image:
Ensure that your XenDesktop virtual desktop has the correct Citrix Receiver. The XenDesktop 5.5’s VDA agent installs bundles the correct one but it doesn’t hurt to double check to ensure you have the correct Enterprise version. More information can be found in one of my previous posts here: http://terenceluk.blogspot.com/2012/01/citrix-xenapp-65-pass-through.html
Once the Citrix Receiver has been installed, make sure the service ssonsvr.exe process is running on the virtual desktop:
Step 2 – Ensure that the pass-through authentication settings configured via GPO is applied
It’s important that you apply the pass-through authentication settings configured via GPO through the Citrix provided ADM file to both:
- The login accounts
- The actual virtual desktops
More information on how to do this can be found in one of my previous blog posts here: http://terenceluk.blogspot.com/2012/01/lessons-learned-with-citrix-web.html
Step 3 – Configure a XenApp Services Site on your Web Interface server for pass-through authentication:
Unless you intend on configuring the authentication for Kerberos only, do not select the Use Kerberos only checkbox for your XenApp Services Site for pass-through authentication:
Step 4 – Add your Web Interface server’s virtual name (NLB), NetBIOS name and FQDN into your virtual desktop’s intranet sites via GPO as well as change the User Authentication in the Custom level of the Local Intranet settings to Automatic logon with current user name and password
Whether you want to add the NetBIOS name or FQDN into your virtual desktop’s intranet site via GPO in Active Directory or as a local policy is up to you as both will work:
Note that I haven’t fully tested whether it’s absolutely necessary to have the User Authentication in the Custom level of the Local Intranet settings set to Automatic logon with current user name and password since we’re already putting the web interface’s virtual name (NLB), NetBIOS and FQDN into the Local Intranet site because through other tests with pass-through authentication through the web interface site, I was able to just leave it set to Automatic logon only in Intranet zone.
Step 5 – Test pass-through authentication from your XenDesktop to a Web Interface site configured for pass-through authentication
As a test, although this is optional, I would suggest that you configure a pass-through authentication site on your Web Interface server to check to ensure your virtual desktop can actually authenticate correctly with the site without prompting you for credentials:
Step 6 – Enter the Server Address into your Citrix Receiver’s Change Server window
With everything set up, you can now add the URL of your XenApp Services Site into the Citrix Receiver’s Change Server‘s Server Address field:
Note that you need to add:
/config.xml
… after your site’s URL or it won’t work.
Note that alternatively, you can modify the Server Address via the registry in the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\PNAgent
Step 7 – Ensure that the pass-through authentication works within the XenDesktop virtual desktop
After you’ve entered the server address into the Citrix Receiver’s properties, you should be able to right-click on the Online Plug-in status and see that your options are as follows:
- Refresh Applications
- Change Server
- Options
Click on your virtual desktop’s start menu and you should see the start menu populated with your XenApp applications.
No comments:
Post a Comment