Cannot Execute Package from Remote Integration Services Catalog involving double Hop

Hi All,

I have a SSIS 2012 package deployed to the Integration Services Catalog. I believe the package involves a double-hop authentication.  If I right click the package in the Integration Services Catalog (ISC) through SSMS on the server and select execute it fails with the 'Access Denied' error - Can't open the file in the shared location. However, when I try to call the package using a SQL Server agent job, it works perfectly fine.  

I understand that the Agent uses the service account while executing the package and when I manually execute the package through SSMS it uses my credentials. However, my credentials has full access to both the database server and the shared locations. In fact, if I execute the package within SQL Server Data tools using my credentials, the package runs fine without any issues.

Package Descriptions: The package simply copies a text file from one location to another.  I also tried creating another package in which data is extracted from one of the SQL server tables and is written to a text file and I encounter the same error.

My double hop scenario: (the one which FAILS)

Shared location in Server A

Catalog database is hosted on Server B

RDP to Server A, connect to SQL Server B using SSMS and execute the package from the Integration services catalog. – Fails with ‘Access Denied error’

Another scenario: (the one which SUCCEEDS)

Shared location in Server A

Catalog database is hosted on Server A

RDP to Server A, connect to SQL Server A using SSMS and execute the package from the Integration services catalog. – Bingo! Works fine.

Steps taken: 

* Enabled Kerberos authentication. Followed article: http://www.sqlscientist.com/2014/01/setup-kerberos-authentication-for-sql.html . However, it has no bearing as the package call through the SQL agent job works perfectly fine even without enabling Kerberos.

* The shared location has full control to everyone.

Any thoughts or insights would be really helpful? I have read articles, which suggests that SQL Server Integration Services does not support the delegation of credentials, sometimes referred to as a double hop. However, I fail to understand how it succeeds when I try to call the package through SQL server agent?

It makes me think if I should simply execute the package by doing an RDP to the server which also hosts the catalog database for manual execution of the packages.

Thanks for your time.