
Integrate NetScaler VPX with StoreFront

Tutorial on how to integrate NetScaler VPX with StoreFront

Refer to Provision Citrix NetScaler VPX with CLI to set up a new Citrix NetScaler VPX.

Information for this lab

  • Publicly accessible URL – https://citrix.aventis.com.my
  • Virtual IP Address – 192.168.1.238/24 assigned for citrix.aventis.com.my
  • Public SSL Certificate – Let’s Encrypt Wildcard SSL Certificate
  • Secure the XML traffic between Citrix StoreFront and the Delivery Controller via HTTPS. The XML service is used for application and desktop resource enumeration, and it also carries user name and password data from StoreFront to the DDCs.
  • Static A record in NetScaler VPX to resolve citrix.aventis.com.my to the IP address of StoreFront
  • Authentication to the AD Domain Controller via Secure LDAP (Port 636) instead of LDAP (Port 389)


Static A record in NetScaler VPX

Add a DNS A record to point citrix.aventis.com.my to the internal StoreFront server (192.168.1.230)

add dns addRec citrix.aventis.com.my 192.168.1.230

Secure the XML traffic between Citrix StoreFront and Delivery Controller

Open Citrix Studio and go to Citrix StoreFront – Stores – Manage Delivery Controllers – Edit. Change the Transport Type from HTTP to HTTPS.


Configuration of Citrix NetScaler VPX

Log in to NetScaler and click on Configuration – Integrate with Citrix Products – XenApp and XenDesktop – Get Started

Select StoreFront and click Continue

Enter the information below

  • Gateway FQDN – citrix.aventis.com.my
  • Gateway IP – 192.168.1.238
  • Port – 443
  • Redirect requests from port 80 to secure port – ENABLED

Select the imported Let’s Encrypt wildcard SSL certificate for *.aventis.com.my

Enter StoreFront URL = https://citrix.aventis.com.my and click Retrieve Stores to populate the information for Receiver for Web Path

Enter the Default Active Directory Domain = aventis.com.my and Secure Ticket Authority URL = https://citrix-ddc.aventis.com.my. Click Test STA Connectivity to verify that NetScaler VPX can communicate with the Delivery Controller successfully

Refer to FAQ: Citrix Secure Gateway/ NetScaler Gateway Secure Ticket Authority for a better understanding of STA

Enable Secure LDAP on the AD Domain Controller by referring to my previous post

Set Choose Authentication Type = Domain, fill in the information as below, and click Test Connection to verify that NetScaler VPX can communicate with the AD Domain Controller via Secure LDAP successfully

Click Done to complete the setup
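To confirm from a saved configuration that the gateway really uses Secure LDAP and an HTTPS STA as set above, the following added example (not part of the original tutorial and not Citrix code) audits ns.conf-style lines for cleartext LDAP actions and plain-HTTP STA bindings. The sample excerpt is constructed: the DC address 192.0.2.10, the action names ldaps_dc and ldap_old, and the two weak lines are assumptions for illustration.

```python
import shlex

# Constructed ns.conf excerpt, not copied from the lab appliance. The DC address
# 192.0.2.10, the action names and the two weak lines are made up for the demo.
SAMPLE_NS_CONF = '''\
add dns addRec citrix.aventis.com.my 192.168.1.230
add authentication ldapAction ldaps_dc -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapLoginName sAMAccountName
add authentication ldapAction ldap_old -serverIP 192.0.2.10 -ldapLoginName sAMAccountName
bind vpn vserver _XD_192.168.1.238_443 -staServer "https://citrix-ddc.aventis.com.my"
bind vpn vserver _XD_192.168.1.238_443 -staServer "http://citrix-ddc.aventis.com.my"
'''

def parse_options(tokens):
    """Map ['-serverPort', '636', ...] to {'serverport': '636', ...}."""
    opts = {}
    for key, value in zip(tokens, tokens[1:] + [""]):
        if key.startswith("-"):
            opts[key[1:].lower()] = "" if value.startswith("-") else value
    return opts

def audit(conf_text):
    """Return (line_number, message) findings for cleartext LDAP or STA settings."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not a line this check understands
        head = [t.lower() for t in tokens[:3]]
        if len(tokens) < 4:
            continue
        name, opts = tokens[3], parse_options(tokens[4:])
        if head == ["add", "authentication", "ldapaction"]:
            # Omitted options fall back to the appliance defaults: 389 / PLAINTEXT.
            port = opts.get("serverport", "389")
            sec = opts.get("sectype", "PLAINTEXT").upper()
            if sec == "PLAINTEXT":
                findings.append((lineno, f"{name}: cleartext LDAP bind on port {port}"))
            elif sec == "SSL" and port != "636":
                findings.append((lineno, f"{name}: secType SSL on port {port}, page uses 636"))
        elif head == ["bind", "vpn", "vserver"]:
            sta = opts.get("staserver", "")
            if sta.lower().startswith("http://"):
                findings.append((lineno, f"{name}: STA over plain HTTP: {sta}"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_NS_CONF):
        print(f"line {lineno}: {message}")
```

Run it against a copy of the saved configuration by passing the file's text to audit(); an empty result means no cleartext LDAP action or HTTP STA binding was found.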

Download the Configuration File for NetScaler VPX and import it to StoreFront.

Import the ns-sftrust-root.cert by referring to this link if you encounter “Cannot Download File. Operation not permitted [StoreFront Trust SSL certificate is missing]”

Replace the Default Portal Theme

You will see the default portal theme as below when you access https://citrix.aventis.com.my now

Go to Configuration – Citrix Gateway – Virtual Servers and double click on _XD_192.168.1.238_443

Change the Portal Theme to RfWebUI and click DONE

Users will see the login page as below when they log in to https://citrix.aventis.com.my in the future

Configuration of StoreFront

Import the NetScaler Configuration File to StoreFront

Verify the Citrix Gateway URL: is configured to point to citrix.aventis.com.my

Verify the Secure Ticket Authority URLs: to point to https://citrix-ddc.aventis.com.my/scripts/ctxsta.dll with Enabled Session Reliability checked

Session reliability keeps sessions active and on the user’s screen when network connectivity is interrupted. Users continue to see the application they are using until network connectivity resumes.

Change the Callback URL to https://citrix-lan.aventis.com.my

Ensure that citrix-lab.aventis.com.my resolves to the Virtual IP Address of NetScaler VPX (192.168.1.238)

The callback URL is the internally accessible URL of the appliance. StoreFront uses it to verify that requests received from NetScaler Gateway originate from that appliance.

Click on Manage Beacons and change the Internal Beacon to Specify beacon address: https://citrix-ddc.aventis.com.my

Refer to Configure beacon points for a better understanding of how beacons work

Enable Domain Pass-Through in Manage Authentication Methods

Refer to Citrix Documentation – User authentication to understand more about Domain Pass-Through Authentication

Disable Auto Launch Desktop in Manage Receiver for Web Site – Client Interface Settings

Disable Required Token Consistency in Configure Store Settings – Advanced Settings

Users log in from Internal Network with Laptop, iPhone & Android

Users located in the internal network can log in successfully with a web browser and Citrix Workspace

  • 192.168.1.238 is the Virtual IP Address of NetScaler VPX

Users log in from External Network with Laptop, iPhone & Android

Users can log in successfully with a web browser and Citrix Workspace from the Internet