Delegated Explicit Authentications Test

The StoreFront authentication service authenticates users to Microsoft Active Directory, ensuring that users do not need to log on again to access their desktops and applications. StoreFront supports a number of different authentication methods for users accessing stores. In the Explicit Authentication method, users enter their credentials and are authenticated when they access their stores. Any delay in explicit authentication can scar the logon experience of a user.

Moreover, desktop Receivers and Receiver for Web site users logging on with domain credentials can be allowed to change their passwords. Receiver for Web supports password changes on expiration, as well as elective password changes. All desktop Receivers support password change through NetScaler Gateway on expiration only. If a user who is allowed to change a password, attempts to do so, and that attempt takes a long time, then once again, logon experience of that user suffers.

This is why, explicit authentication calls and change password calls should be monitored, and Citrix administrators notified of delays, promptly. This is exactly what the Delegated Explicit Authentications test does! This test monitors the StoreFront authentication service, tracks the explicit authentication and change password calls made via the service, and reports the average time taken by these calls. In the process, the test captures and reports authentication delays.

Target of the test : Citrix StoreFront Server

Agent deploying the test : An internal/remote agent

Outputs of the test : One set of results for the Citrix Storefront server being monitored

Configurable parameters for the test
Parameters Description

Test period

This indicates how often should the test be executed.


The host for which the test is to be configured.


The port number at which the specified host listens to. By default, this is 443.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Authenticate calls

Indicates the number of explicit authentication calls made since the last measurement period.



Authenticate average time

Indicates the average time taken to log a user on to Receiver for Web or the Store using Citrix client.


A consistent rise in the value of this measure could indicate an authentication bottleneck.

Change password calls

Indicates the count of change password calls made since the last measurement period.



Change password average time

Indicates the average time taken to change user passwords.


A delay in password change can occur due to one of the following reasons:

  • Disk space constraint: If you enable Receiver for Web site users to change their passwords at any time, ensure that there is sufficient disk space on your StoreFront servers to store profiles for all your users. This is because, to check whether a user's password is about to expire, StoreFront creates a local profile for that user on the server. In the absence of adequate disk space, StoreFront will not be able to store user profiles locally, thereby delaying password change.
  • Poor connectivity with domain controller: StoreFront must be able to contact the domain controller to change users' passwords. A latent network connection between StoreFront and the domain controller can therefore delay a password change.