StoreFront 1912 through 3.5 – Basic Configuration

Last Modified: Sep 15, 2020 @ 5:45 am

Navigation

This article applies to StoreFront versions 1912 LTSR CU1, 1909, 3.16, 3.12.6000, and all other versions 3.5 and newer.

CVAD 2003 comes with StoreFront 1912. There is no StoreFront update in CVAD 2003. StoreFront 1912 LTSR CU1 is newer than the StoreFront 1912 in CVAD 2003.

💡 = Recently Updated

Change Log

StoreFront Versions

The most recent StoreFront Current Release is version 1912 LTSR Cumulative Update 1.

  • Starting with version 1811, the version numbering changed to a YYMM (year/month) format.
  • Version 1912 is also a Long-Term Support Release (LTSR).
  • CVAD 2003 comes with StoreFront 1912. There is no StoreFront update in CVAD 2003.

The user interface in StoreFront 1811 and newer is now the “purple” interface, which is different from versions 3.16 and older. Be aware of this change before you upgrade StoreFront. Customizations might not work in the new interface. There doesn’t appear to be any way to revert to the older user interface.

For LTSR versions of Citrix Virtual Apps and Desktops (CVAD), deploy the StoreFront that comes with LSTR CVAD.

StoreFront Installation / Upgrade

For small environments, it might be OK to install StoreFront on the Delivery Controller machines. But usually StoreFront and Delivery Controllers are separate machines.

  • If StoreFront will pull icons from multiple Citrix Virtual Apps and Desktops sites/farms, then StoreFront should be installed on its own machines.

To automate the installation of StoreFront, see Dennis Span Citrix StoreFront unattended installation with PowerShell.

The user interface in StoreFront 1811 and newer is now the “purple” interface, which is different from versions 3.16 and older. Be aware of this change before you upgrade StoreFront. There doesn’t appear to be any way to revert to the older user interface.

Citrix Blog Post StoreFront 3.0 Scalability recommends StoreFront servers to be sized with 4 vCPU and 8 GB RAM.

  1. If upgrading, do the following before beginning the upgrade:
    1. Other Users – Use Task Manager > Users tab to logoff any other user currently logged into the machine.
    2. Export the StoreFront configuration so you can restore it if something goes wrong.
    3. Stop the World Wide Web Publishing Service.
    4. Stop all StoreFront services.
    5. Close all PowerShell and StoreFront consoles.
    6. Citrix CTX226419 StoreFront upgrade fails to keep the setting in default ICA file. Take a backup of default.ica and usernamepassword.tfrm from C:\inetpub\wwwroot\Citrix\StoreName\App_Data. After upgrading StoreFront, replace the new default.ica and usernamepassword.tfrm with the old default.ica and usernamepassword.tfrm files to ensure you retain the old settings.
    7. If the Citrix SCOM Agent for StoreFront is installed, stop the Citrix MPSF Agent service. Citrix CTX220935 Cannot Perform a StoreFront Upgrade if Citrix SCOM Management Pack Agent Service is Running.
    8. If Microsoft SCOM Agent is installed, then stop the Microsoft Monitoring Agent service.
    9. See Patrick van den Born Avoid 1603 errors when upgrading Citrix StoreFront 2.x to Citrix StoreFront 3.5
  2. Operating system support:
    • StoreFront 1912 through 3.13 are not supported on anything older than Windows Server 2012 R2.
    • StoreFront 1811 and newer are supported on Windows Server 2019.
  3. Go to the downloaded Citrix StoreFront, and run CitrixStoreFront-x64.exe.

    1. You can find the standalone StoreFront installer on the Citrix Virtual Apps and Desktops (CVAD) ISO under the \x64\StoreFront folder.
    2. Or you can install StoreFront from the Citrix Virtual Apps and Desktops ISO by running AutoSelect.exe.
    3. It’s on the bottom left of the splash screen.
  4. In the License Agreement page, check the box next to I accept the terms, and click Next.
  5. In the Review prerequisites page, click Next.
  6. In the Ready to install page, click Install.
  7. In the Successfully installed StoreFront page, click Finish.
  8. Click Yes if prompted to reboot.
  9. If you upgraded a StoreFront server that was connected to Citrix Federated Authentication Services (FAS), then also upgrade Citrix Federated Authentication Services.

If this is a new install, skip to the Initial Configuration.

If you upgraded from StoreFront 2.6 or older, do the following to enable the Receiver X1 theme:

  1. In the StoreFront Console, on the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Receiver Experience page select Disable classic experience. Note: this page is no longer available in StoreFront 1903 and newer.
  5. Once classic experience is disabled, you can now make changes on the Customize Appearance and Featured App Groups pages. Click OK and Close when done.

  6. Go to Stores. In the middle, right-click your Store, and click Configure Unified Experience.
  7. Check the box next to Set the unified Receiver experience as the default for this store, and click OK.
  8. When you propagate changes, the default web page might not be replicated to the other nodes. Copy C:\inetpub\wwwroot\web.config manually to each node.

If you are upgrading from StoreFront 3.8 or older, then do the following to add SAML Authentication as an option. This feature lets you perform SAML against StoreFront without needing NetScaler Gateway. If you did a fresh deployment of 3.9 or newer, then SAML is already added.

  1. Right-click your Store, and click Manage Authentication Methods.
  2. On the bottom, click the Advanced button, and click Install or uninstall authentication methods.
  3. Check the box next to SAML Authentication, and click OK.
  4. If you don’t want to configure SAML at this time, then uncheck the authentication method. See the Federated Authentication Service article for SAML details.

Initial Configuration

In StoreFront 3.8 and newer, you can create multiple stores in different IIS websites. This functionality is not exposed in the GUI and instead the entire StoreFront configuration must be performed using PowerShell. See Citrix Blog Post StoreFront 3.8 is Available NOW! for sample PowerShell commands to create the stores.

You can also use PowerShell to create a store and configure it as detailed at CTX206009 How to configure a Store via Powershell.

If this is a new deployment of StoreFront, do the following to perform the initial configuration:

  1. In PowerShell, run Set-ExecutionPolicy RemoteSigned.
  2. The management console should launch automatically. If not, launch Citrix StoreFront from the Start Menu.
  3. In the middle, click Create a new deployment.
  4. In the Base URL page, if you installed an SSL certificate on the StoreFront server, then the Hostname should already be filled in. For now, you can leave it set to the server name and then change it later once you setup SSL and load balancing. Click Next.
  5. In the Getting Started page, click Next.
  6. In the Store Name page, enter a name for the store. The name entered here is part of the URL path (e.g. /Citrix/CorpStoreWeb)
  7. Check the box next to Set this Receiver for Web site as IIS default and click Next.
  8. In the Delivery Controllers page, click Add.
  9. Enter a descriptive name for the Citrix Virtual Apps and Desktops (CVAD). This name does not need to match the actual farm name. (If StoreFront 3.5, don’t put spaces or periods in the farm name)
  10. Add the two Delivery Controllers. Change the Transport Type to HTTP. Click OK.
  11. If you have multiple Citrix Virtual Apps and Desktops sites/farms, feel free to add them now. Or you can add older XenApp farms. (If StoreFront 3.5, don’t put spaces or periods in the farm name). Click Next when done.
  12. In the Remote Access page, don’t check the box. Just click Next. You can set this up later.
  13. In the Authentication Methods page, check the boxes next to Domain pass-through and Pass-through from NetScaler Gateway. Click Next.
    Note: if you want Domain pass-through for browser users, you also need to enable it for Receiver for Web as detailed later in this topic.

  14. In the XenApp Services URL page, click Create.
  15. In the Summary page, click Finish.

Second StoreFront Server

After the server group is created, NT SERVICE\CitrixConfigurationReplication and NT SERVICE\CitrixClusterService must remain in the Administrators group on both StoreFront servers or propagation will fail.

  1. Install StoreFront on the second server.
  2. Create/Import the SSL certificate, and bind it to the Default Web Site.
  3. Login to the first StoreFront server. In the StoreFront management console, right-click Server Group, and click Add Server.
  4. Copy the Authorization code.
    Note: the Please wait message means it is waiting on you to add the 2nd server. You don’t actually have to wait.

  5. Login to the second StoreFront server and launch the management console. In the middle, click Join existing server group.
  6. In the Join Server Group page, enter the name of the first StoreFront server and enter the Authorization code copied earlier. Click Join.
  7. Then click OK.
  8. Go back to the first server. Click OK.
  9. Notice this message. It is good advice.
  10. All changes made on one StoreFront server must be manually propagated to the other StoreFront server. You do that by right-clicking Server Group, and clicking Propagate Changes.
  11. When you propagate changes, the default web page might not be replicated to the other nodes. Copy C:\inetpub\wwwroot\web.config manually to each node.

Customer Experience Improvement Program

StoreFront 3.9 and newer enable Customer Experience Improvement Program (CEIP) by default. To disable it, create the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Telemetry\CEIP\Enabled (DWORD) and set it to 0 (zero). Also see CEIP at Install, set up, upgrade, and uninstall at Citrix Docs.

See https://www.carlstalhood.com/delivery-controller-cr-ltsr-and-licensing/#ceip for additional places where CEIP is enabled.

Citrix Analytics

StoreFront 1906 and newer supports uploading to Citrix Analytics.

The client devices must be running Workspace app 1903 and newer.

See Onboard Virtual Apps and Desktops Sites using StoreFront at Citrix Docs.

Store Name – Rename

If you installed StoreFront on your Delivery Controller, it will have a default store named Store. If you don’t like the default Store Name (/Citrix/Store) then you will need to remove the store and re-add it.

Note: Some at Citrix Discussions (A protocol error occurred while communicating with the Authentication Service) have reported authentication issues after following this procedure. It’s probably cleaner to uninstall StoreFront and reinstall it.

  1. In the StoreFront console, on the left, click Stores.
  2. Right-click your store, and click Remove Store.
  3. Click Yes.
  4. On the left, right-click Stores, and click Create Store.
  5. In the Getting Started page, click Next.
  6. In the Store Name page, enter a name for the store. The name entered here is part of the URL path (e.g. /Citrix/CorpStoreWeb).
  7. Check the box next to Set this Receiver for Web site as IIS default and click Next.
  8. In the Delivery Controllers page, click Add.
  9. Enter a descriptive name for the Citrix Virtual Apps and Desktops farm. This name does not need to match the actual farm name. (If StoreFront 3.5, don’t put spaces or periods in the farm name)
  10. Change the Type to XenDesktop or Citrix Virtual Apps and Desktops.
  11. Add the two Delivery Controllers.
  12. Change the Transport Type to HTTP. Click OK.
  13. If you have multiple Citrix Virtual Apps and Desktops farms, feel free to add them now. Or you can add older XenApp farms. (If StoreFront 3.5, don’t put spaces or periods in the farm name) Or later, you can add farms in Store > Manage Delivery Controllers. Click Next when done.
  14. In the Remote Access page, don’t check the box and click Next. You can set this up later.
  15. In the Authentication Methods page, check the boxes next to Domain pass-through and Pass-through from Citrix Gateway. Click Next.
  16. In the XenApp Services URL page, click Create.
  17. In the Created Successfully page, click Finish.

SSL Certificate

StoreFront requires SSL. You will save yourself much heartache if you install valid, trusted certificates. There are two options for StoreFront SSL.

  • SSL Offload: Use NetScaler to do SSL Offload and load balancing. In this scenario, install the SSL certificate on the load balancer. You can leave the StoreFront servers listening on HTTP and no IIS server certificate. The SSL certificate on the NetScaler must match the DNS name that resolves to the load balancing VIP.
  • SSL End-to-end: Install an SSL certificate on each StoreFront server and bind to IIS. This allows you to use SSL protocol between the load balancer and the StoreFront servers.

If your load balancer cannot terminate SSL, then the StoreFront IIS certificate must match the DNS name that resolves to the load balancing VIP.

For load balancers that can terminate SSL (e.g. NetScaler), the StoreFront IIS server certificate should match the StoreFront server name. If StoreFront is installed on the Delivery Controllers, with server-specific certificates you can later enable HTTPS in the StoreFront Store Delivery Controller configuration.

Another option is to create an SSL certificate with Subject Alternative Names for the load balanced DNS name and each of the StoreFront server FQDNs. Then import this one certificate on all StoreFront servers. Or a wildcard certificate could match all of these names.

In either case, be aware that Email-based discovery in Citrix Receiver requires the certificate to not only match the StoreFront load balanced DNS name but the certificate must also match discoverReceiver.email.suffix for every email domain. Usually the only option to match multiple email domains is with Subject Alternative Names. If you have multiple email suffixes then you will need multiple Subject Alternative Names, each beginning with discoverReceiver. If you don’t plan on implementing email-based discovery, then you don’t have to worry about these discoverReceiver Subject Alternative Names.

If the certificate does not match discoverReceiver.email.suffix, then users will see this message when attempting to use email discovery in Citrix Receiver.

When adding Subject Alternative Names to a certificate, the first Subject Alternative Name should be the same as the Load Balancing FQDN. The remaining Subject Alternative Names should be discoverReceiver.email.suffix for every email domain.

When you view a Subject Alternative Name certificate, on the Details tab, click Subject Alternative Name to verify that all names are listed, including the DNS name that resolves to the load balancing VIP.

There are several methods of creating a certificate for StoreFront.

  • If you are implementing Single FQDN for internal and external users, then the certificate for external NetScaler Gateway can also be used for internal StoreFront.
    • Single FQDN has additional Subject Alternative Name certificate requirements including: Internal Beacon FQDN and Callback FQDN.
  • If you will support non-domain-joined machines (e.g. iPads, thin clients) connecting to your internal StoreFront, then the StoreFront certificate should be signed by a public Certificate Authority. You can use IIS to request the certificate. You can then export the certificate from IIS and import it to NetScaler (for Load Balancing and NetScaler Gateway). Public Certificate Authorities (e.g. GoDaddy, Digicert, etc.) let you enter additional Subject Alternative Names when you purchase the certificate.

  • If all internal machines are domain-joined, then you can use an internal Certificate Authority to create the StoreFront certificate. The Certificates MMC snap-in can be used to create an internal certificate signed by a Microsoft Certificate Authority. The MMC method allows you to specify Subject Alternative Names.

Once the certificate is created or imported, you need to bind it to IIS:

  1. In IIS Manager, right-click the Default Web Site, and click Edit Bindings.
  2. Click Add.
  3. Change the Type to https, and select the SSL certificate. Do NOT put anything in the Host name field. Click OK, and then click Close.

Delivery Controllers – SSL

Delivery Controllers can be SSL enabled by using one of two methods:

Once SSL certificates are installed on the Delivery Controller servers, then you can configure the Store to use SSL when communicating with the Delivery Controllers.

  1. In the StoreFront Console, on the left click Stores.
  2. In the middle, right-click your store, and click Manage Delivery Controllers.
  3. Highlight the deployment and click Edit.
  4. The Servers list must contain FQDNs that match the certificates installed on those servers.
  5. Change the Transport type to HTTPS.
  6. Click OK twice.

Socket Pooling

Socket pooling is disabled by default in stores. When socket pooling is enabled, StoreFront maintains a pool of sockets, rather than creating a socket each time one is needed and returning it to the operating system when the connection is closed. Enabling socket pooling enhances performance, particularly for Secure Sockets Layer (SSL) connections.

Only enable Socket Pooling in StoreFront 3.15+, StoreFront 3.12.2000+, and StoreFront 3.0.6000+. (source = CTX227903 TCP Ports get exhausted on the StoreFront server)

To enable socket pooling:

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Configure Store Settings.
  3. On the Advanced Settings page, check the box for Enable socket pooling.

HOSTS File

Edit the HOSTS file (C:\Windows\System32\Drivers\Etc\HOSTS) on each StoreFront server with the following entries:

  • StoreFront Load Balancing FQDN (e.g. storefront.corp.com) = Load Balancing VIP in the local datacenter.
  • NetScaler Gateway Callback FQDN (e.g. callback.corp.com) = NetScaler Gateway VIP in the local datacenter.

Base URL – Change

  1. Configure load balancing of the StoreFront servers, including SSL certificate.
  2. In the Citrix StoreFront console, right-click Server Group, and click Change Base URL.
  3. Enter the StoreFront Load Balancing FQDN as the new Base URL in https://storefront.corp.com format.
    1. Receiver requires that the Base URL is https. It won’t accept http.
    2. If you want the StoreFront Base URL to be the same as your Gateway FQDN, then see the Single FQDN instructions.
  4. Click OK.

If the Base URL is https, but you don’t have certificates installed on your StoreFront servers (aka SSL Offload), then you’ll need to do the following:

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Advanced Settings page, change Enable loopback communication to OnUsingHttp. Click OK, and then click Close.

Default Web Page

After changing the Base URL, you’ll need to update the IIS Default Website.

  1. On the left, right-click Stores, and click Set Default Website.
  2. Check the box next to Set a Receiver for Web site as the default page in IIS, and click OK.
  3. Click Yes to overwrite.
  4. If you go to C:\inetpub\wwwroot and edit the file web.config, you’ll see the redirect.

Authentication Configuration

  1. In the Citrix StoreFront console, on the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Authentication Methods.
  3. Check the boxes next to Domain pass-through and Pass-through from Citrix Gateway.
  4. If you intend to enable pass-through authentication from Receiver Self-Service or from Receiver for Web, go to a Delivery Controller and run the command
    Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True from a Windows PowerShell command prompt. Run asnp citrix.* first. In XenApp 6.5, this is a Citrix Policy > Computer > Trust XML Requests.
  5. Click the top gear icon, and then click Configure Trusted Domains.
  6. Select Trusted domains only, click Add, and enter the domain names in DNS format. The DNS suffix is needed if doing userPrincipalName authentication from NetScaler Gateway.
  7. Select one of the domains as the default.
  8. If desired, check the box next to Show domains list in logon page. Click OK.
  9. Click the top gear icon, and then click Manage Password Options.
  10. Make your selection, and click OK.
  11. Be careful with password changes. Any time somebody changes their password through StoreFront, a profile will be created for that user on the StoreFront server. Use a tool like delprof2.exe to periodically delete these local profiles.
  12. Or see Citrix Blog Post Delete Local User Profile Folders on StoreFront Servers for a script to delete local profiles.
  13. If you have Citrix Virtual Apps and Desktops Platinum Edition or Premium Edition and installed Self-Service Password Reset, you can integrate SSPR with StoreFront 3.7 or newer by clicking the top gear icon and clicking Configure Account Self-Service. This option is only available if your Base URL is https (encrypted). See the following for detailed implementation guides.
  14. Change the selection to Citrix SSPR, and click Configure.
  15. Check both boxes and enter the URL of the SSPR server using the displayed example (with /MPMService on the end). Click OK three times.
  16. With SSPR enabled, a new Tasks tab lets users enroll with SSPR.
  17. The logon page also has an Account Self-Service link.

  18. If StoreFront is not in the same domain (or trusted domain) as the users, then you can configure StoreFront to delegate authentication to the Delivery Controllers. See XML service-based authentication at Citrix Docs.
    • StoreFront 3.6 and newer can be workgroup members without joining a domain.

Citrix Online (3.11 and older)

This is only configurable in StoreFront 3.5 through 3.11. This feature was removed from StoreFront 3.12.

  1. StoreFront might be configured to add the Citrix Online icons. To remove them, on the left, click the Stores node.
  2. In the middle, right-click your store, and click Configure Store Settings.
  3. On the Citrix Online Integration page, uncheck all three boxes, and click OK.
    Note: This page is not available in StoreFront 3.12 and later.

Unified Receiver Experience (StoreFront 1811 and older)

If you did a clean install of StoreFront 3.5 through StoreFront 1811, then the newer UI will already be enabled, but Unified Experience might not be. If you upgraded from a StoreFront 2.6 or older, then you can disable the Classic UI to enable the newer UI.

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Receiver Experience page (only visible in StoreFront 1811 and older), select Disable classic experience. Click OK, and click Close.
  5. On the left, click Stores. In the middle, right-click your store, and click Configure Unified Experience.
  6. Check the box next to Set the unified Receiver experience as the default for this store and click OK.

Customize Receiver Appearance

If the Unified Receiver appearance is enabled, you can go to Stores > Manage Receiver for Web Sites > Configure > Customize Appearance to change logos and colors. Additional customization can be performed using the SDK.

You can also Manage Featured App Groups.

In StoreFront 1811 and newer, Featured App Groups are shown in the user interface as Collections.

  • The HOME page shows the Feature App Groups in a ribbon with arrows to let the user see more Featured App Groups. The ribbon view is limited to three icons per Featured App Group. When the user clicks a Featured App Group, every icon in the Featured App Groups is shown.
  • The APPS page has a Collections tab showing all collections and the number of icons in each Collection.
  • When the user clicks a collection, all icons in the collection are shown. The user can click Add All on the top right to mark all of the icons as Favorites.

To create Featured App Groups:

  1. Go to Stores > myStore > Manage Receiver for Web Sites > Configure.
  2. In the Edit Receiver for Web site window, on the Featured App Groups page, click Create.
  3. Give the Collection a name and a description.
  4. At the bottom, there are three methods of adding icons to the Feature App Group.
  5. If you select the Keyword option, then enter a keyword that will be added to the published apps that are in this collection.
  6. In Citrix Studio, go to the Properties of a published application. In the Description field, at the end, enter KEYWORDS:myCollectionKeyword.

In StoreFront older than version 1811:

  • Featured App Groups are displayed at the top of the Apps > All page.
  • By default, Featured App Groups are displayed with continual horizontal scrolling. This is OK if you have several Featured App Groups but doesn’t look right if you only have one Featured App Group.
  • Michael Bednarek has posted some code at Citrix Discussions to disable the continuous horizontal scrolling.
  • If you want to display more than 3 apps per group, see Michael Bednarek at Modify Receiver for Web site at Citrix Discussions.

Receiver for Web Pass-through Authentication

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Authentication Methods page, if desired, check the box next to Domain pass-through. Click OK.
  5. If the StoreFront URL is in the browser’s Local Intranet zone, then you’ll see a prompt to automatically Log On. This only appears once.
  6. If you want to default to Pass-through without any user prompt, then see Citrix Blog Post Configuring domain pass-through as your default authentication method. 💡

Workspace app for HTML5 2009

Workspace app for HTML5 is the new name for Receiver for HTML5.

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Deploy Citrix Receiver / Workspace app page, change the drop-down to Use Receiver for HTML5 if local Citrix Receiver/Workspace is unavailable.
  5. By default, the HTML5 session opens in a new tab. You can optionally enable Launch applications in the same tab as Receiver for Web. See Configure Citrix Receiver for HTML5 use of browser tabs at Citrix Docs for more information.
  6. Click OK, and then click Close.
  7. Download the Workspace app 2009 for HTML5 (version 20.9.0.4134).
    Note: new versions of Workspace app for HTML5 are released frequently.

  8. Install the HTML5 Workspace app (CitrixHTML5Client-x64.exe) on one of the StoreFront servers. It installs without prompting. When you Propagate Changes in StoreFront console, the Workspace app for HTML5 will be copied to the other StoreFront servers.

  9. To see the installed version of HTML5 Workspace app, in StoreFront console, click the Stores node on the left.
  10. In the middle pane, in the bottom half, switch to the Receiver for Web Sites tab. You might have to click Refresh to see the new version.

HTML5 Workspace app configuration

  1. Copy/paste of text using Ctrl+C and Ctrl+V – HTML5 Workspace app version 1907 app adds support for copy/paste of text using Ctrl+C and Ctrl+V and the feature is enabled by default. More info at Enhanced clipboard experience at Citrix Docs.
  2. Multi-monitor – HTML5 Receiver 2.6.5 adds a multi-monitor feature, which is enabled by default.
  3. To configure HTML5 Receiver, edit the file “C:\Program Files\Citrix\Receiver StoreFront\HTML5Client\configuration.js”.

    1. Customer Experience Improvement Program (CEIP) is enabled by default. To disable CEIP in HTML5 Workspace App 1906 and newer, find the first analytics section and change enabled to false. 💡
    2. To disable CEIP in HTML5 Workspace App 1905 and older, search for the ceip section, and change it to false.
  4. In the StoreFront console, on the left, right-click Server Group, and click Propagate Changes.
  5. For VDA 7.15 and older, optionally, install Citrix PDF Printer on the VDAs. The PDF printer is in the Additional Components section of the HTML5 Receiver download page. This PDF printer is only used with Receiver for HTML5, and not with regular Receiver.
    Note: in VDA 7.16 and newer, the PDF Printer is included with the VDA installation and no longer needs to be installed separately.

  6. Note: as of Receiver for HTML 2.0, it’s no longer necessary to install App Switcher on the VDAs.

Other HTML5 Receiver configurations you can change by either editing C:\Program Files\Citrix\Receiver StoreFront\HTML5Client\configuration.js, or use the Citrix Workspace app (earlier known as Citrix Receiver) for Chrome and HTML5 – Configuration Utility downloadable from CTX229141.

  • HTML5 Receiver 2.6.4 improves PDF printing in Chrome and Firefox. Enable it by setting supportedBrowsers to true.
  • When printing from HTML5 Receiver to the Citrix PDF Printer, the user must click Continue to show the PDF. You can get rid of this prompt in 2.5.1 and newer. In the configuration.js file, scroll down to the line containing printDialog and set it to true.


  • From About Citrix Receiver for Chrome 2.0 at Citrix Docs: The new toolbar can be disabled or customized by editing the file C:\Program Files\Citrix\Receiver StoreFront\HTML5Client\configuration.js.

 

From Michael Bednarek at Citrix Discussions: There was a functionality change between StoreFront 3.0 and StoreFront 3.5 which affects the default client used for iPads. In SF 3.5, we default to using the native Receiver to launch apps on an iPad, as we expect this to be the majority use case. Unfortunately, on an iPad we are unable to actually tell whether you have the Receiver app installed or not, so we can’t do anything more intelligent out of the box.

There are two ways around this. Firstly, any iPad user can change between using native Receiver and using the HTML5 Receiver by going to the dropdown menu after logging on, and choosing “Change Receiver”. This will give you the chance to choose the HTML5 Receiver (“Use light version”) and your choice will be remembered for the next time you log on.

If this is no good, you can use a JavaScript customization to get back the old behaviour and make sure that iPad users default to HTML5.  See the forum post Cannot access citrix apps from ipad using HTML5 receiver post upgrade to SF 3.5 for the Javascript code.

 

If HTML5 Receiver is enabled, Chrome and Edge users have the option of selecting either native or HTML5 by clicking “Change Citrix Receiver“. To enable this option in IE or Firefox, see Emin Huseynov Citrix StoreFront 3.0 and HTML5 client.

 

From About Citrix Receiver for Chrome 1.9 at Citrix Docs: To enable enhanced clipboard support, on every VDA set the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard\Additional Formats\HTML Format\Name=”HTML Format”. Create any missing registry keys. This applies to both virtual desktops and Remote Desktop Session Hosts.

 

Citrix Blog Post Receiver for HTML5 and Chrome File Transfer Explained:

  • How to use the toolbar to transfer files
  • Citrix Policy settings to enable/disable file transfer
  • VDA registry settings to control file transfer
  • HTML5Client\Configuration.js settings for client-side configuration
  • How to view HTML5Client log file

Deploy Citrix Workspace app / Receivers

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Deploy Citrix Receiver page, check the box next to Allow users to download HDX engine (plug in).
  5. Change both source drop-downs to Local files on the StoreFront server.

    1. For Windows, download one of the following:
      • Workspace app for Windows version 2009Workspace app is the new name for Receiver. Version 2009 is a Current Release.
      • Citrix Workspace app 1912 LTSR Cumulative Update 1 for Windows.
      • Receiver for Windows version 4.9.9002 (LTSR)
    2. For Mac, download Workspace app 2008 for MacWorkspace app is the new name for Receiver.
    3. Click each of the Browse buttons and browse to the downloaded Workspace app and/or Receiver.
    4. You can optionally enable Upgrade plug-in at logon.
    5. Click OK when done, and Close when done.
  6. If you prefer for users to download Workspace app from the Citrix website, then note that StoreFront defaults to downloading Receiver instead of Workspace app. To change it to Workspace app, do the following:
    1. In StoreFront Console, in the Deploy Citrix Receiver page, change Windows source and Mac source to Files on remote server (through URL).
    2. Enter the following paths:
      Windows Receiver = http://downloadplugins.citrix.com/Windows/CitrixWorkspaceApp.exe
      Mac Receiver = http://downloadplugins.citrix.com/Mac/CitrixWorkspaceApp.dmg
  7. When users connect to Receiver for Web, they will be prompted to install or upgrade.

Safari 12 and Newer

Safari 12 and newer disable NPAPI, so StoreFront 3.15 and older must be configured to use Receiver Launcher instead of NPAPI. StoreFront 3.16 and newer versions of StoreFront will already have this modification.

  1. Go to C:\inetpub\wwwroot\Citrix\StoreWeb and edit web.config using an elevated text editor.
  2. Near line 56, which starts with <protocolHandler, change the platforms attribute to the following. Essentially, you’re adding Safari 12 on Macintosh to the end of the regex. (source = Citrix Blog Post NPAPI support is being removed from Safari 12)
    "(Macintosh|Windows NT).*((Firefox/((5[2-9]|[6789][0-9])|\d\d\d))|(Chrome/((4[2-9]|[56789][0-9])|\d\d\d)))|Macintosh.*Version/(1[2-9]|[2-9][0-9]).*Safari/"

  3. Save the file. Later, you will need to Propagate Changes.

Receiver for Edge

The Receiver for Web experience in Microsoft Edge is not ideal. Every time a user clicks an icon, the user has the click the Open button after the .ica file is downloaded.

Citrix Blog Post Providing Full Receiver for Web Experience for Microsoft Edge has instructions for enabling the Receiver Launcher for Edge. Use your preferred text editor to open web.config for the RfWeb site you would like to configure (typically C:\inetpub\wwwroot\Citrix\StoreWeb\web.config). Locate the line like this: <protocolHandler enabled="true" platforms="(Macintosh|Windows NT).*((Firefox/((5[3-9]|[6789][0-9])|\d\d\d))|(Chrome/((4[2-9]|[56789][0-9])|\d\d\d)))(?!.*Edge)". Remove (?!.*Edge) and save the file.

But once you do that, you get a new switch apps prompt every time you launch an icon from Edge.

To stop the switch apps pop-up, on the client side, edit the registry, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\receiver (create missing registry keys), create DWORD value WarnOnOpen, and set it to 0 (zero).

Receiver for Web Timeout

  1. On the left, click the Stores node.
  2. In the middle, right-click your store, and click Manage Receiver for Web Sites.
  3. Click Configure.
  4. On the Session Settings page, set the Session timeout as desired, and click OK.
  5. If you are using a NetScaler, you will need to change the Global Session Timeout located at NetScaler Gateway => Global Settings => Change Global Settings (right pane) => Client Experience (tab) => Session Time-out (mins).


  6. From CTX215701 How to Configure Session Timeout on StoreFront: If you increase the session timeout for RfWeb to be more than 1 hour, you have to also increase the maxLifetime appropriately in c:\inetpub\wwwroot\Citrix\Authentication\Web.config.
  7. If your desired timeout value is greater than 8 hours, you should also edit tokenLifeTime in c:\inetpub\wwwroot\Citrix\StoreWeb\web.config.

Favorites, Categories, and Default Tab

By default, when a user logs into StoreFront, the HOME tab or Favorites tab is selected. Users can go to other tabs to add icons to the list of Favorites.

In StoreFront 1811 and newer:

  • Favorites are shown on the HOME tab.
  • Favorites are also shown on the APPS view on the Favorites tab.
  • The user can click the star icon next to a published icon to mark that published icon as a Favorite and add it to the HOME view and Favorites tab.
  • On the APPS view, the user can expand the Categories drop-down and select a Category to view all icons in that Category.
  • Categories are configured in the Properties of the published application on the Delivery page.
  • Collections are configured as Featured App Groups.

In StoreFront older than 1811:

  • There’s a FAVORITES view.
  • On the APPS or DESKTOPS views, the user can click the Details link next to a published icon.
  • Then the user can click Add to Favorites to add the icon to the FAVORITES view.

Favorites can be controlled by the administrator:

  • You can completely remove the FAVORITES or HOME views by going to Stores > myStore > Configure Store Settings > User Subscriptions, and choose Disable User Subscriptions (Mandatory Store).

  • To force a published application to be favorited (subscribed), use one of the following keywords in the published application description:
    • KEYWORDS: Auto = the application is automatically subscribed. But users can remove the favorite.
    • KEYWORDS: Mandatory = the application is automatically subscribed and users cannot remove the favorite.
    • With Mandatory applications there is no option to remove the application from Favorites.
  • Citrix Blog Post How to implement dynamic landing pages in StoreFront has code for the following: If favorites exist, go to favorites tab. If favorites do not exist, go to the store tab. 💡
    //If favorites exist, go to favorites tab. If favorites do not exist, go to the store tab.
    var favoritesExist = false;
    
    CTXS.Extensions.sortMyAppList = function (app_array,defaultSortFn) {
    //This version checks if the amount of user favorites are greater than or equal
    //to "favoriteThreshold".
      var favoriteThreshold = 1;
      var favoriteCount = 0;
      for (var i = 0; i < app_array.length; i++){ if (app_array[i].canBeRemoved()){ favoriteCount++; } } if (favoriteCount >= favoriteThreshold){
        favoritesExist = true;
      }
    
      //This should always be called at the end
      defaultSortFn();
    };
    
    CTXS.Extensions.afterDisplayHomeScreen = function (callback) {
      if (favoritesExist == false){
        CTXS.ExtensionAPI.changeView("store");
      }
    };
    
  • Trentent Tye has a simple customization for C:\inetpub\wwwroot\Citrix\StoreWeb\custom\script.js to default to the APPS view if the user doesn’t have any favorites. See Citrix Storefront – Adventures in customization – Default to “Store” view if you have no favourited app’s.
    CTXS.Extensions.afterDisplayHomeScreen = function (callback) {
     /* If the user has no favorited apps, set the view to the apps view */
     if (CTXS.Store.getMyApps().length == 0) {
     CTXS.ExtensionAPI.changeView("store")
     }
    };
  • You can change the default view and view visibility by going to the Stores > myStore > Manage Receiver for Web Sites > Configure > Client Interface Settings page.
  • In StoreFront 1811 and newer, if you want to default to the APPS tab with Categories view expanded, then see CTP Sam Jacobs at Storefront 1811 – Default to Categories view at Citrix Discussions. Or see Citrix Blog Post How to land on the categories view in StoreFront 1811+.

    • Add the following to C:\Inetpub\wwwroot\Citrix\StoreWeb\custom\script.js.
      Note: if you already have afterDisplayHomeScreen in your script.js file, then you’ll need to merge them.
      function categoriesDelay() {
      $('#categoriesTabBtn').click();
      }
      
      CTXS.Extensions.afterDisplayHomeScreen = function (callback) {
      CTXS.ExtensionAPI.changeView('store');
      window.setTimeout(categoriesDelay,250);
      callback();
      };
  • In StoreFront older than version 1811, if you change the default view to APPS, then you might also want to default to the Categories view instead of the All view.

    • When publishing applications in Citrix Studio, on the Delivery page, specify an Application category so the applications are organized into folders.
    • To default the Apps view to the Categories view instead of the All view, add the following code to the end of the file C:\Inetpub\wwwroot\Citrix\StoreWeb\custom\script.js. More details at Storefront 3.0 – change default view at Citrix Discussions.
      CTXS.Extensions.afterDisplayHomeScreen = function (callback) {
           CTXS.ExtensionAPI.navigateToFolder('/');
      };
      
      CTXS.Extensions.onViewChange = function (viewName) {
        if (viewName == 'store') {
          window.setTimeout(function () {
          CTXS.ExtensionAPI.navigateToFolder('\\');
          }, 0);
        }
      };
      

    • Then when you login to StoreFront you’ll see Apps > Categories as the default view. This works in Receiver too.

Beacons

  1. On the left, right-click Stores, and click Manage Beacons.
  2. Configure an Internal Beacon. Receiver Self-Service tries to connect to the Internal Beacon to determine if Receiver is currently internal or not. If the Internal Beacon is reachable then Receiver Self-Service assumes it is internal, and thus connects to the StoreFront Base URL. If the Internal Beacon is not reachable, then Receiver Self-Service assumes it is external and thus connects to NetScaler Gateway. For this to work properly, the Internal Beacon must not be resolvable externally.
    If you are not doing Single FQDN, then the Internal Beacon can be the StoreFront FQDN since the StoreFront FQDN is usually only available internally.
    If you are doing Single FQDN, then you can’t use the StoreFront FQDN. Instead, you must use a different internal website for the beacon. If you need to support internal iPads, due to differences in how iPads determine location, the Internal Beacon should be a new FQDN that resolves to the StoreFront Load Balancing VIP thus requiring the StoreFront certificate to match both the Internal Beacon and the Base URL. If internal iPads are not needed, then the Internal Beacon can be any internal website.
    If you want to force internal Receiver Self-Service users to connect through NetScaler Gateway (for AppFlow reporting), you can set the Internal Beacon to a fake URL. Since the Internal Beacon is never resolvable, Receiver Self-Service always uses NetScaler Gateway. Or you can use Optimal Gateway to achieve the same goal.
  3. The External beacons are used by Receiver Self-Service to determine if the Receiver Self-Service has Internet access or not. You can use any reliable Internet DNS name. Click OK when done.

Propagate Changes

Any time you make a change on one StoreFront server, you must propagate the changes to the other StoreFront server.

  1. In the StoreFront console, on the left, right-click Server Group, and click Propagate Changes.
  2. You might see a message saying that you made changes on the wrong server.
  3. Click Yes when asked to propagate changes.
  4. Click OK when done.
  5. When you propagate changes, the default web page is not replicated to the other nodes. Copy C:\inetpub\wwwroot\web.config manually to each node.

Export/Import StoreFront Configuration

Use the following PowerShell cmdlets to export StoreFront Configuration into a .zip file (encryption optional) and import to a different StoreFront server group:

  • Export-STFConfiguration
  • Import-STFConfiguration

See Export and import the StoreFront configuration at Citrix Docs for details.

Logon Simulator

ControlUp has a free Logon Simulator for StoreFront and NetScaler Gateway. You can run it on any machine to periodically test app launches from StoreFront.

The tool creates entries in the Application Log in Event Viewer. The events can be consumed by your monitoring tool.

Related Pages

272 thoughts on “StoreFront 1912 through 3.5 – Basic Configuration”

  1. Carl,

    I’m having an issue in an existing VDA Deployment with regards to WebCam functionality.

    It seems they are not being detected or available for use in Video Conferencing Software such as WebEx. I’ve ensured that the Hooks are Whitelisted and even tried excluding the Citrix hooks altogether for “atmgr.exe” (Cisco Webex)…. Then I noticed something…

    When using Citrix Receiver HTML5 ,we don’t even see the devices detected in device manager on the VDAs themselves. Is this a limitation of Workspace app for HTML5/Citrix Receiver for HTML5? I can’t seem to find product docs which state support for USB/Device redirection outside of generic Video/Content redirection etc..

    I would like to rule this out, but can’t seem to find information about Compatibility or Feature limitations.

  2. Hi Carl, after updating from 7.15 CU3 to CU6 now when I launch what should be a single-monitor Published Desktop it shows fine on one monitor but on my second monitor shows half black and half white. I have opened a case with Citrix support (they already spun their wheels for two hours) but if you have some magic it would be much appreciated!

  3. Dear Guys,
    Thank you very much for your efforts for helping us to make everything simple and clear. I did everything as mentioned above BUT while using HTML5 I got “Error
    Citrix Workspace app cannot create a secure connection in this browser. Please refer to Citrix Knowledge Center article CTX134123”
    Kindly, How can I fix this problem in details without deploying Citrix ADC (Gateway) ?

  4. Hello Carl,

    There are keywords: Primary and Secondary. This keyword is useful when using a dual site setup. e.g. you have an application published in both sites and published using the same name but you want the users of that app to stay in site A. Only when Site A is not able to delivery the app from Site a the App displayed will be from site B. can you please add steps to configure the parameters.

    Cheers
    Kunal

  5. Hello Carl,

    I updated to storefront 1912 – It functions well with one exception the workspace app is not showing the new storefront without a reset(The web is updated and working). I doubt this is expected behavior but was curious if this is something that you have seen before? This doesn’t affect user functionality of course but I wanted to see if perhaps there was something I could do on the storefront server to resolve this without saying to users – “reset the workspace app”. The workspace app is 2002.

Leave a Reply to Wayne Chao Cancel reply