We need a Terminal Server which always ask's for 2 factor authentication with RSA SecurID's.
Whether the user is coming from our internal network using a direct RDP connection where the Server have to handle the login and ask for the OTP, or over the internet through an NetScaler asking for the credentials and pass through to the Terminal Server.
So we've setup a Windows 2012 R2 Terminal Server with XenApp Delivery Agent 7.6.3 and installed the RSA Authentication Agent 7.2 on it.
Connecting via RDP, the user gets challenged his OTP and Active Directory password. - So far so good.
But the Citrix Single Sign on, or Pass-Through from NetScaler isn't working anymore and get stuck at the Login-Screen, asking the user again for OTP and Password.
On a Windows 10 everything works like a charm. If the User is authenticated at StoreFront or NetScaler the pass-through is working perfectly, even with installed RSA Authentication Agent.
Now I'm wondering if there is a switch to get this working on a Terminal Server as well.
We've tried to change the Credential Provider Order, played around with the RSA Local / Group Policy Settings, but everything without success.
Both Credential Providers at the same time aren't working on a Terminal Server like they do on Windows 10 VM
Does anybody have a hint to the right direction?