Tips From the Field: StoreFront 2.0 and Citrix Receiver Pass Through

Here is another problem that I get asked a lot about, which is configuring Receiver (4.0) for passthrough authentication with StoreFront 2.0. Well if you followed my StoreFront 2.0 “How To” article HERE you will be configured for domain passthrough the only piece you’re missing is configuring your clients.

Its not that hard..and I’ll lay it out here.

First..Receiver Enterprise is no more..with 4.0 forward there is only “Receiver”. So go grab Receiver 4 and lets look at a basic install where we will configure the client so that your users don’t even have to go through the self-provisioning wizard using their email address. Second, you still need to add your internal storefront URL (if you followed my article series its or something) to your Internet Explorer Trusted Sites. I would do this with a GPO zone assignment..but I’ll leave that up to you..not going to dive into that in this article.

Grab the latest Receiver from

Now..the magic sauce here is all just command line switches..all available HERE. Specifically we want to install Receiver from the command line using /includeSSON, ALLOWADDSTORE=N, and STORE0=”StoreName;https://storefrontloadbalancedVIP/discovery”. You can also include /silent if you want to do a silent install. NOTE that the StoreName has to match what is in StoreFront, and the URL is BEST gotten directly from StoreFront by opening up your console and going to “Stores” on the left then clicking “Export Provisioning File” on the right. You should see the internal address in there ending in /Discovery. I copy and paste this directly from that file into the command line options or batch file. Screenshot below.


To suppress the configuration wizard follow the guidance on this page: * Note: I usually just rename the executable to CitrixReceiverWeb.exe as that seems the easiest to me.

Next, you want to configure a “Receiver Client”  group policy with the icaclient.adm file and enable pass-through. The icaclient.adm  is located in the following location detailed below screenshot of my Windows8 PC. You would want to place this GPO at such a level in your org that it applies to the end user machines.


Load that ICAClient.adm into Group Policy Management Console under Administrative Templates, and modify to match the below:



So in summary:

Determine your method of config wizard suppression (some need to be done before initiating install), Run receiver.exe /silent /includeSSON /ALLOWADDSTORE=N /STORE0=”StoreName;”.

UPDATE:  Be sure to configure your IE zones to place the SF URL’s into Intranet on your clients via GPO. Placing them in “Trusted Sites”  doesn’t work without some additional settings, so Intranet zone FTW. Thanks to @NealDolson for providing that feedback.

Finally..Receiver doesn’t put itself in the startup folder don’t forget to copy the link there so it will automatically launch…you can probably automate that piece in whatever way you see fit to make it easier for your users.

Thats it..Receiver 4.0 configured with StoreFront 2.0 for pass through authentication.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s