Second Logon prompt when launching app from Windows 2008 XenApp Box

Started by SHADAB JAMAL , 27 January 2009 - 04:36 PM
38 replies to this topic


  • 76 posts

Posted 27 January 2009 - 04:36 PM

When launching an app from my newly created Windows 2008 XenApp 5 server (via the web interface or PNA), I receive a Windows Logon box and have to authenticate again before the published app is launched. This does not happen with my Windows 2003 XenApp 5 server that is part of the same farm. I'd appreciate any thoughts the gurus might have.

Edited by: Shadab Jamal on Jan 27, 2009 11:36 AM

Cory Goffrier Members

  • 105 posts

Posted 27 January 2009 - 07:10 PM

Unfortunately it seems this is a very common issue with the latest XenApp release on Server 2008. Pass-through (from Web Interface) does not work very well. What version of the ICA client are you running? 11.0?

For now, the workaround I found is setting my Web Interface to explicit logon only, with a pre-populated domain name. Once the user logs in (by authenticating once at the main screen), any application sessions pass through correctly.

Helpful Answer


  • 76 posts

Posted 27 January 2009 - 07:33 PM

Hi Cory,

Thanks for answering my post. I have the Citrix XenApp Plugin for Hosted Apps version loaded on my machine. I already had the Web Interface set to Explicit only and the domain name was also pre-populated and restricted. It's still prompting me with the Logon box. I just set up the PNA site for this XenApp 5 farm and have the authentication method set to Prompt. I get the same thing. Any more thoughts?


Edited by: Shadab Jamal on Jan 27, 2009 2:53 PM

Cory Goffrier Members

  • 105 posts

Posted 28 January 2009 - 12:15 AM

When you installed the plugin, did you make sure to select yes to enable Pass-Through authentication?

When you installed XenApp on the hosted server, did you point the "pass through" to the address of your Web Interface server?

Here are the authentication settings I have on my Web Interface (no PNA site setup yet) for reference:

Explicit Authentication Properties
Domain Restriction - Set to "restrict to the following domains" and only 1 domain entered
Automatic Logon - Both unchecked
Authentication Type - Domain user name only

On the actual XenApp server, open terminal services configuration, ICA client and check these settings:

'Log On Settings' tab - "Use client-provided log on information"

That's all I can think of to check for now. If that doesn't work you might try an older client (like 10.200) or maybe just the web interface plugin (without PNA).


  • 76 posts

Posted 28 January 2009 - 08:53 PM

Answers to your questions.

When you installed the plugin, did you make sure to select yes to enable Pass-Through authentication? Yes

When you installed XenApp on the hosted server, did you point the "pass through" to the address of your Web Interface server? Yes

It does pass through the authentication initially and show me my accessible published applications, BUT when clicking and launching the applications published on the Windows 2008 XenApp server, it prompts again with a Windows Logon box. Very annoying!

I feel that it might be a security setting or LSP setting on Windows 2008 itself because when I try to just log in to the server via RDP, I have to provide the Domain log-in credentials in the DOMAIN\Username format. The Log On to box is no longer there like it was in previous versions of Microsoft Windows Server. Did Microsoft remove the Log On To box in Windows Server 2008?

The apps on my Windows 2003 XenApp server launch fine.

Edited by: Shadab Jamal on Jan 28, 2009 3:53 PM

Cory Goffrier Members

  • 105 posts

Posted 29 January 2009 - 12:52 AM

Sounds like we're in the exact same boat. :)

I'm curious, is your web interface on a 2003 or 2008 OS? Mine is on a 2003, so I'm wondering if it's security differences between the two OSes? I haven't yet tried to deploy a 2008 WI to see if it makes a difference.


  • 76 posts

Posted 29 January 2009 - 04:08 PM

I created my WI and PNA sites both on Windows 2008. I checked IIS's security and the Local Security Policy and didn't see anything out of the ordinary.

Timco Hazelaar CTP Member

  • 45 posts

Posted 19 February 2009 - 08:51 AM


I've seen this problem before.

I was using version 5.1 and got the same problem: pass-through authentication was not working correctly. So I switched back to version 5.01; problem solved. :)

I think Citrix is working on a fix for this problem, but I'm not sure.




Edited by: Timco Hazelaar on 19-feb-2009 9:54

Justin Koestler Members

  • 29 posts

Posted 24 March 2009 - 07:58 PM

Go into Terminal Services Configuration, double-click ica-tcp, click Logon Settings and make sure "use client provided logon information" is toggled. Also make sure "always prompt for password" is unchecked.
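
The two ICA listener logon settings named in the replies above can also be read from the registry, which helps when comparing several servers in a farm. This is an added example, not part of any post in this thread. It assumes the listener is named `ICA-tcp` and that the two checkboxes are stored as the `fInheritAutoLogon` and `fPromptForPassword` values, with the "Always prompt for password upon connection" Group Policy stored under the Terminal Services policy key.

```powershell
# Added example (not from the thread): audit the listener logon settings
# that decide whether credentials passed by the client are accepted.
# Assumption: the Citrix listener is named 'ICA-tcp'; adjust $Listener if not.
$Listener  = 'ICA-tcp'
$WinSta    = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$Listener"
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

if (-not (Test-Path $WinSta)) {
    $findings += "Listener key not found: $WinSta"
} else {
    # 1 = "Use client-provided logon information" is selected.
    $inherit = Get-RegDword $WinSta 'fInheritAutoLogon'
    if ($inherit -ne 1) {
        $findings += "fInheritAutoLogon is '$inherit' (expected 1): client-provided logon information is not used."
    }
    # 1 = "Always prompt for password" is checked on the listener.
    $prompt = Get-RegDword $WinSta 'fPromptForPassword'
    if ($prompt -eq 1) {
        $findings += "fPromptForPassword is 1 on the listener: the server always asks for a password."
    }
}

# A Group Policy setting overrides what the listener dialog shows.
$policyPrompt = Get-RegDword $PolicyKey 'fPromptForPassword'
if ($policyPrompt -eq 1) {
    $findings += "Group Policy sets fPromptForPassword = 1: 'Always prompt for password upon connection' is enforced."
}

if ($findings.Count -eq 0) {
    "OK: $Listener accepts client-provided credentials and no password prompt is forced."
} else {
    $findings
}
```

Run it in an elevated PowerShell session on each XenApp server; a server that reports a finding while the others report OK is the one to compare settings against.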

  • #10

  • 76 posts

Posted 24 March 2009 - 08:14 PM

Use client-provided log on information was already toggled and Always Prompt for password was also unchecked. Still same issue.

Sam Rayes Members
  • #11

  • 74 posts

Posted 17 June 2010 - 11:10 PM

Got the same issue: W2K3 with SP2, XenApp 5 with HRP06 and WI 5.3, no mixing with W2K8 servers. I checked all these settings, as I found many threads about that issue, but nothing helps; I always get the second login prompt no matter what I try. The only thing left is to try to set the authentication point from Web Interface to web server, but I have to try that at the weekend because users from many countries access our farm at different times. :(

Steve McGee Members
  • #12

  • 45 posts

Posted 22 June 2010 - 07:52 PM

I am seeing this same problem, but I am not using pass-thru authentication. My clients log on to the XenApp 5 server with the XenApp Hosted Plugin 12.0 and their credentials are then saved during that session within the plugin. This is happening intermittently with only a couple of users and just started today. When the client attempts to launch the application they are provided a second Windows Login Screen.

XenApp 5 FP3 with XAE500W2K8013 and 046 hotfixes installed.


Michael Car Members
  • #13

  • 3 posts

Posted 16 July 2010 - 02:06 AM

Has anyone made any headway with this issue?
I'm running XenApp 6 on 2k8R2, and have double-checked all settings and steps above.
It is annoying having the Windows Server 2008 Login box come up when you try to launch the application.

Alex Graham Members
  • #14

  • 2 posts

Posted 07 September 2010 - 03:08 PM

I ran into this issue recently. I am running XenApp 5 on 2008 x64 and WI 5.01 on 2008 x64.

I have one server running 2003 x86 to support legacy applications. I had these symptoms when the server was logged into as a local administrator. Whenever this is the case the users that launch applications from this server are prompted a second time with the Windows Logon where the domain field is prepopulated with the local machine name.

I was able to correct this by logging out the local administrator and logging in as the domain administrator. The next application launch from the web interface did not get a second prompt.

I have been able to repeat this.

Bruce Ricker Members
  • #15

  • 40 posts

Posted 20 October 2010 - 06:42 PM

just tried....same issue here, even when not logged in as admin

xa6 2008r2

Alain Schneiter Members
  • #16

  • 1 posts

Posted 30 December 2010 - 02:29 PM

I have the same issue on a newly installed Citrix XenApp 5 farm.
We had to install XenApp 5 because several apps are not running on 2008 servers.
- 3 XenApp 5 servers with Windows 2003 R2
- 1 Web Interface with 2008 R2 WI 5.4
- CAG 5.0 VPX in the DMZ

Every time a user logs on via the WI, a second Windows 2003 Server R2 login prompt appears.
I have checked all the ICA connection settings on the XenApp servers and I have configured pass-through.

Any idea?

Lennart Grave Members
  • #17

  • 6 posts

Posted 12 April 2011 - 01:33 PM

Same on XA6 on W2k8 R2 with WI5.4 and AG 5.02 VPX.... a long lasting problem....anyone???

Caspar Willemsen Members
  • #18

  • 2 posts

Posted 16 August 2011 - 02:10 PM

Same problem exists here, XA6, W2008r2 and WI 5.3.
Checked all settings that were discussed in this thread but no go :(

Franc van de Westelaken Members
  • #19

  • 287 posts

Posted 23 August 2011 - 12:20 PM

Same here. WI 5.4, XA6, 2008R2 both fully patched...

Online plugin doesn't prompt for credentials when launching a published app, but WebInterface does.


Guest Members
  • #20

  • 2 posts

Posted 05 October 2011 - 05:55 PM

Hi all, before you reinstall anything or restore: I had the same problem. I have a 6 farm Citrix Xen 6.0 2008R2.
Check the following out. On the app server with the problem, go to Control Panel, Administrative Tools, Remote Desktop Services, Remote Desktop Session Host Configuration. Double-click on ICA-TCP (Properties). Click on the Security tab. Click OK on the warning.
Make sure Domain Users are in the list with permissions of User Access and Guest Access.