Posted 05 January 2016 - 04:10 PM
Here is the working configuration for me, in a load balanced environment.
1) create an AD account that will be used as the ApplicationPoolIdentity
2) Trust the user account for delegation to any service (Kerberos only) (trust the Director servers for delegation is not necessary in this case)
3) create SPN :
setspn -S http/loadbalanced_URL domain\user
4) in IIS manager, on the Director site, disable anonymous authentication and enable Windows Authentication (this step is described in Citrix doc)
5) in IIS manager, on the Application Pools (Director), specify the user we have created in step 1 as ApplicationPoolIdentity
6) in IIS manager, select Default Web Site and open the Configuration Editor.
Navigate to the following section : system.webServer/security/authentication/windowsAuthentication
Set useAppPoolCredentials = True and useKernelMode = False
Hope this helps!