Citrix Receiver for Windows 4.9 LTSR

Using Configuration Checker to validate Single Sign-on configuration

Starting with Release 4.5 of Citrix Receiver for Windows, Configuration Checker helps users to run a test to ensure Single Sign-on is configured properly. The test runs on different checkpoints of the Single Sign-on configuration and displays the configuration results.

  1. Logon to Citrix Receiver for Windows.

  2. Right-click Citrix Receiver for Windows in the notification area and select Advanced Preferences. The Advanced Preferences window appears.

    Advanced preferences

  3. Select Configuration Checker. The Citrix Configuration Checker window appears.

    Configuration checker

  4. Select SSONChecker from the Select pane.
  5. Click Run. A progress bar appears, displaying the status of the test.

The Configuration Checker window has the following columns:

  1. Status: Displays the result of a test on a specific check point.
    • A green check mark indicates that the specific checkpoint is configured properly.
    • A blue I indicates information about the checkpoint.
    • A Red X indicates that the specific checkpoint is not configured properly.
  2. Provider: Displays the name of the module on which the test is run. In this case, Single Sign-on.

  3. Suite: Indicates the category of the test. For example, Installation.

  4. Test: Indicates the name of the specific test that is run.

  5. Details: Provides additional information about the test, irrespective of pass or fail. The user gets more information about each checkpoint and the corresponding results.

The following tests are performed:

  1. Installed with Single Sign-on

  2. Logon credential capture

  3. Network Provider registration: The test result against Network Provider registration displays a green check mark only when “Citrix Single Sign-on” is set to be first in the list of Network Providers. If Citrix Single Sign-on appears anywhere else in the list, the test result against Network Provider registration appears with a blue I and additional information.

  4. Single Sign-on process is running

  5. Group Policy: By default, this policy is configured on the client.

  6. Internet Settings for Security Zones: Ensure that you add the Store/XenApp Service URL to the list of Security Zones in the Internet Options. If the Security Zones is configured via Group policy, any change in the policy requires the Advanced Preference window to be reopened for the changes to take effect and to display the correct status of the test.

  7. Authentication method for Web Interface/StoreFront.

Note: If the user is accessing Receiver for Web, the test results are not applicable. If Citrix Receiver for Windows is configured with multiple stores, the authentication method test runs on all configured stores.

Note: The test results can be saved as reports and the default format for the report is .txt.

Hiding the Configuration Checker option from the Advanced Preferences dialog:

  1. As an administrator, open the Group Policy Editor by either running gpedit.msc locally from the Start menu when applying policies to a single computer, or by using the Group Policy Management Console when applying domain policies.
  2. In the Group Policy Editor, go to Citrix Components > Citrix Receiver > Self Service > DisableConfigChecker.
  3. Select Enabled. This hides the Configuration Checker option from the Advanced Preferences window.
  4. Click Apply and OK.
  5. Open a command prompt.
  6. Run gpupdate /force command.

For the changes to take effect, close and reopen the Advance Preferences dialog.


Configuration Checker does not include the checkpoint for the configuration of Trust requests sent to the XML service on XenApp/XenDesktop servers.

Using Configuration Checker to validate Single Sign-on configuration