Here is the session policy for native Receivers:Īnd here is the session profile it invokes. To explain my setup, here is my NetScaler Gateway that all my Receivers are connecting to: My NetScaler Gateway 11.1 and StoreFront 3.8 Setup
#Citrix receiver not working windows
And that’s when I noticed this was failing for Windows Receivers. In my case I had done this setup in my lab in the interest of time for a quick XenApp 7.12 demo where I just changed my NetScaler Gateway session policy to go from my normal Production environment to this new demo environment. Not worth it in my opinion but I’ve seen it. This saves just a little bit of cash on buying another cert as well as shaves off a few min off a StoreFront deployment (binding an SSL cert in IIS).
In some environments I’ve seen, people like to use the NetScaler Gateway for HTTPS traffic to the clients, but leave the backend to StoreFront on HTTP over port 80. That’s fine but but we’re adding an HTTPS based NetScaler Gateway URL. An attacker gaining a foothold in your datacenter is all too common these days, make it as hard as possible for them to sniff out traffic.Ĭitrix doesn’t want you to add an HTTP based StoreFront URL here. In a nutshell, encrypt everything in your datacenter. Anytime I deploy something I always take on a FIPS 140-2 mindset because even though you may not have to worry about FIPS Compliance right now, you may need to do something similar later even through another regulatory body so it’s best to just start out on the right foot securing your infrastructure anytime you build something no matter what industry you are in. I always take this approach in Production environments. This is because the best practice is to always use SSL, whether on the front end for clients or backend communication to your servers.
Please contact your system administrator. HTTP Store requires additional configuration before being added to the Citrix Receiver. If you add “HTTP” to the URL, it will give you a warning like this:
If you add “HTTPS” to it, it will look fine as well: If you add your URL like this, it is by default going to go over HTTPS over an encrypted SSL/TLS connection: The Windows Receiver requires an “HTTPS” URL by default.
0 kommentar(er)
