Citrix XenApp

Disabling Microsoft passthrough authentication in ICA files when using Citrix Receiver Enterprise

on

If you are using ICA files to connect to a XenApp farm for whatever reason, and you are running Citrix Receiver Enterprise, it will attempt to passthrough credentials by default if you have setup Receiver to allow passthrough authentication using the ADM template. This is bad when you are trying to connect to a different domain because you will get the “The user name or password is incorrect” logon error message every time you launch the ICA file. It is trying to pass the wrong credentials:

You really don’t want to change your ADM file settings because that will break functionality for other things. The best way around this is to add these two lines to your ICA file:


UseLocalUserAndPassword=Off
AutoLogonAllowed=Off

Once you do that, launching the ICA file will work correctly and will show the domain the server is a member of:

About Jason Samuel

Jason Samuel lives in Houston, TX with a primary focus on strategic advisory and architecture of end-user computing, security, enterprise mobility, virtualization, and cloud technologies from Citrix, Microsoft, & VMware. He also has an extensive background in web architecture and networking over his 20+ year career in IT. He is an Author, Speaker, and Local User Group Community Leader. He is certified in several technologies and is 1 of 63 people globally that is a recipient of the prestigious Citrix Technology Professional (CTP) award. He is 1 of 42 people in the world that has been awarded as a VMware EUC Champion and VMware vExpert. He is a featured author on DABCC which provides the latest IT Community News on Cloud, Data Center, Desktop, Mobility, Security, Storage, & Virtualization. In his spare time Jason enjoys writing how-to articles and evangelizing the technologies he works with. Disclaimer: The content and opinions expressed in articles and posts are his own and are by no means associated with his employer.

Recommended for you

1 Comment

  1. David

    September 21, 2012 at 8:31 AM

    Dear Jason

    You might find it helpfull to redirect http to https. (if you dont know already)

    http://www.ballblog.net/2009/01/cag-enterprise-redirect-incoming-http.html

    You Blog is very usefull and well made.

    keep up the good work

    cheers David

Leave a Reply

Your email address will not be published.