Hi Guys, We've got a setup where our users login into their Desktops with their DomainA user accounts, and then from there connect to Citrix to enumerate their applications etc, but the Citrix servers themselves are actually part of Domain B. This works fine, as there is an external trust between the two domains. We have a Proxy server on DomainA that controls all external internet access, and the problem we have is that if any of the Citrix delivered apps require an external webpage, the users get prompted for a DomainA logon & password, even though they have already logged on with their DomainA logon. I think this may be to do with the fact that they have logged onto a DomainB computer (the citrix box), and that somehow affects the authentication? Thoughts appreaciated! Dave.

When you refer to domain A and domain B, are these both active directory domains? Is the trust one way or two way, and why have you used an external trust instead of a forest trust, is one of the domains an old NT domain? -- Mike Burr

Hi, Thank you for your post here. Since you have trust between domain A and domain B, do you log into the Citrix with the user accounts from domain A (as long as you have granted the proper permission for users from domain A in Citrix system which is in domain B)?

hi Guys, Thanks for the replys... there is a one-way external trust between DomainA and DomainB, which are both Active directory Domains (I inherited them in this way). The users log into Citrix with DomainA accounts, and all permssions look fine (for example all other non-internet apps work OK), it's only when the proxy server becomes involved that it prompts for a user& password. For example, when the users connect to the proxy from their PC's (ie outside of citrix), they authentictate OK and are not prompted to login again. The proxy is set to let anyone with domainA use it. The only thing that is different when using Citrix is that the citrix servers' computer accounts are part of DomainB and don't seem to be passing the authentication on correctly. Thank you, Dave.

I should add, that when you add you domainA logon & password when prompted by the proxy server, it connects to the internet OK, but then asked to login again each time you change webpages.

After a bit of research, it appears this is only affecting IE8... when the same behaviour (domainA users on DomainB computers) do not get prompted for logon by the proxy when using IE7. If that rings a bell with anyone, please shout :-)