If you are able to login to your Citrix Storefront and get a list of application, but when launching something you get an error –
And checking the “Citrix Delivery Services” logs on your Storefront gives errors such as these –
The Citrix servers do not trust the server. This message was reported from the XML Service at address http://xxx/scripts/wpnbr.dll [NFuseProtocol.TRequestAddress].
Failed to launch the resource 'xxxx' using the Citrix XML Service at address 'http://xxx/scripts/wpnbr.dll'. The XML service returned error: 'not-trusted'.
You have come to the right place. :)
This is because you probably have “Domain pass-through” authentication enabled on your Store and/ or the Receiver for Websites (note the latter: easy to miss out). When this is enabled and users visit the Storefront page, they don’t get the usual username password prompt. Instead they get an option to login with the Windows credentials.
The problem with this is that these Windows credentials are passed on to the Storefront server. The Storefront server is happy, gives the users a list of apps and desktops assigned to them, etc. But when the user clicks on something, it is the Citrix Receiver that comes into play and needs to pass on the credentials to the concerned XenApp or XenDesktop server. Citrix Receiver needs to be explicitly installed with the ability to do Single Sign-On (i.e. pass on Windows credentials) and if that’s not the case users will not be able to launch any app or desktop. (The command line to do such an install is: CitrixReceiver.exe /includeSSON
). Once this is done an additional component called ssonsvr.exe
will be present on the user machine, and that facilitates SSO.
For more details on Citrix Receiver and SSO check out this link. And for an official explanation of what I wrote above, check out this blog post.
Lastly, if you don’t want to do any of this, there is a work around. :)