When using a different base url for storefront than your storefront is member of you might run into this one. When logging on to a machine configured for Domain Passthrough you need to enter the credentials again in Windows. To resolve this issue enter on your StoreFront server the following command:
Setspn -L <SF HOSTNAME>You might get this result
C:>Setspn -L SRV-SF-01
Registered ServicePrincipalNames for CN=SRV-SF-01,OU=Storefront,OU=Citrix,OU=Ser
vers,DC=DOMAIN,DC=LOCAL:
WSMAN/SRV-SF-01
WSMAN/SRV-SF-01.Domain.Local
TERMSRV/SRV-SF-01
TERMSRV/SRV-SF-01.Domain.Local
RestrictedKrbHost/SRV-SF-01
HOST/SRV-SF-01
RestrictedKrbHost/SRV-SF-01.Domain.Local
HOST/SRV-SF-01.Domain.LocalYou need to add the StoreFront Base URL to this list to make the magic happen.
Setspn -A HOST/<SF HOST> <SF BASEURL>Afterwards when you check again the BaseĀ URL is in the list.
C:>Setspn -A HOST/SRV-SF-01 storefront.domain.com
C:>Setspn -L SRV-SF-01
Registered ServicePrincipalNames for CN=SRV-SF-01,OU=Storefront,OU=Citrix,OU=Ser
vers,DC=DOMAIN,DC=LOCAL:
HOST/storefront.domain.com
WSMAN/SRV-SF-01
WSMAN/SRV-SF-01.Domain.Local
TERMSRV/SRV-SF-01
TERMSRV/SRV-SF-01.Domain.Local
RestrictedKrbHost/SRV-SF-01
HOST/SRV-SF-01
RestrictedKrbHost/SRV-SF-01.Domain.Local
HOST/SRV-SF-01.Domain.LocalGood luck!