Deep in the Code

After downloading a new version of Citrix Receiver and installing it, I discovered that the single sign-on (SSO) functionality that used to “just work”, had stopped working.

After hunting through the Local Group Policy Editor, the registry, and the folder in which Citrix was installed, I was able to put together the following instructions. Completing these steps fixed my problem, however, the fole locations may vary somewhat depending on how your Windows and Citrix installations are configured.

Note: The person executing these steps will need local admin rights on the PC.

1. Add the following site(s) to the Local Intranet zone in Internet Options. (These will be specific to your organization.)
   1. http://yourcitrixwebportal.com
   2. https://yourcitrixwebportal.com

   In Internet Explorer, go to Tools –> Internet options.
   On the Security tab, click “Local intranet” in the “Select a zone…” area.
   
   Click the Sites button, and on the next dialog box, click the Advanced button.
   
   Add each site above by pasting or typing the URL into the “Add this website…” field and click the Add button for each one. The checkbox requiring HTTPS should be unchecked.
   
   Click Close, OK.
    
   Click the Advanced tab on the Internet Options box. Make sure the “Enable Integrated Windows Authentication” checkbox is checked. If not, check it. (You will also need to reboot the PC if this setting is changed after closing Internet Options.)
   
   Click OK to close Internet Options.

2. Copy files from the Citrix Receiver client into the appropriate Windows folder to enable Citrix Group Policies.
   1. Copy CitrixBase.admx and receiver.admx from “C:\Program Files (x86)\Citrix\ICA Client\Configuration” to “C:\Windows\PolicyDefinitions”
   2. Copy CitrixBase.adml and receiver.adml from “C:\Program Files (x86)\Citrix\ICA Client\Configuration\en-US” to “C:\Windows\PolicyDefinitions\en-US”

    

3. Click Start –> Run –> type gpedit.msc in the search field and hit Enter to open the Local Group Policy Editor. Find the “User authentication” folder in the left pane under Local Computer Policy –> Computer Configuration –> Administrative Templates –> Citrix Components –> Citrix Receiver. Click “User authentication” to display its settings in the right pane. In the right pane, double click “Local user name and password”. Click the Enabled radio button, and make sure that the “Enable pass-through authentication” and “Allow pass-through authentication for all ICA connections” checkboxes are checked. Click OK to close the “Local user name and password” settings box. Close the Local Group Policy Editor.
   
4. Reboot the PC.
5. When opening the Citrix app you may see a box asking to Permit or Block access to local resources. Check the checkbox and select Permit.

In looking through my older posts, I realized that I wrote my first post, Guide for the Perplexed, six years ago yesterday.

I don’t have as much time to write as much as did during the first couple of years of this blog; I generally write two posts per month now. Even so, I hope that these posts continue to do what I originally intended when I started writing them back in 2012 – both to make available useful information that is not easily found in one place, and by combining different techniques to synthesize processes that create more value than the sums of their parts.

I have received many comments and suggestions over the years, and I have found almost all of them to be not only constructive in nature, but that they have also helped correct things about which I was mistaken and also to help provide clarity when my explanation was not as clear as it could have been. Thanks for these, and keep the comments coming – they are welcome!

The things that have changed the most are the technologies that I’ve used. When I started, I primarily wrote about ASP.NET (mostly VB.NET, with some C# .NET), and SQL Server. Though I still write about SQL Server often, I find that I tend to work with other front-end technologies more often than ASP.NET now – especially JavaScript with or without jQuery.

I am planning on getting involved with more open-source technology where possible – R seems to be a good choice. Much like Python and jQuery, I think it will be more widely used in the coming years.

Thanks for reading!

When attempting to use the ODBC Data Source Administrator to test a connection to an Oracle Database from an Oracle client – one that did not have TNSPING installed – I got the above error:

Unable to connect
SQLState=S1000
[Oracle][ODBC][Ora]ORA-12504: TNS:listener was not given the SERVICE_NAME in CONNECT_DATA

When searching this error, I found quite a few Stack Overflow articles. Unfortunately, none of them solved the problem.

I was able to apply the remedy to a different issue to this one, and fortunately it worked.

For whatever reason, this client, though not the Instant Client as was the case in the previous article, was missing the “.ora” configuration files and the TNS_ADMIN environment variable. Once these were created, the client worked as expected.