What is New in Citrix StoreFront 3.0

Classic Receiver Experience

To help you smooth the transition, StoreFront 3.0 supports the classic Receiver experience and when we upgrade from StoreFront 2.x to 3.0, the UI for the existing Receiver for Web sites will remain as the classic green bubble UI. When you create new Receiver for Web sites after the upgrade, users will see the new unified UI.
We can enable the new unified UI by selecting the Disable Classic Receiver Experience and Set Unified Experience as Default in Receiver for Web site.

Google Chrome Support without NPAPI

Google Chrome on Windows and Mac is fully supported without Netscape Plugin Application Programming Interface (NPAPI) in StoreFront 3.0. Receiver for Windows 4.3 and Receiver for Mac 12.0 support this features.

No Need of Editing Hosts File

Previously, as stated here, Citrix recommends that you modify the hosts file on your StoreFront servers to ensure that Receiver for Web always talks to the local StoreFront server instead of the load balancer. In StoreFront 3.0, we leverage a new feature in the .NET Framework 4.5 to implement loopback communication between Receiver for Web and the rest of StoreFront Services. This is configurable using PowerShell cmdlet

Set-DSLoopback [-SiteId] <Int64> [-VirtualPath] <String> [-Loopback] <String> [[-LoopbackPortUsingHttp] <Int32>]

Set-DSLoopback -SiteId 1 -VirtualPath /Citrix/StoreWeb -Loopback OnUsingHttp -LoopbackPortUsingHttp 81

Delegating Authentication to the Backend Providers

StoreFront 2.x communicates with the Active Directory to authenticate users. So the domain hosting StoreFront servers should have one-way external trust to the domain hosting the backend XenApp farms/sites. This may not be possible in some deployments. StoreFront 3.0 has the capability to delegate authentication to the XenApp farms.

Treating All Desktops as Applications

In earlier StoreFront, Desktops and applications are treated differently and are placed in a separate tabs in Receiver for Web. To keep published Desktop in the same tab with published applications, we have to add the TreatAsApp keyword to the published desktops. StoreFront 3.0 enables you to configure treating all desktops as applications at the store level without the need of adding the TreatAsApp keyword to all the published desktops

Integrated Monitoring Service for NetScaler

Before StoreFront 3.0, we have to install add-on package on the StoreFront server to support NetScaler monitoring. Now from StoreFront 3.0 it is integrated in StoreFront 3.0. It is installed and enabled by default. You can use PowerShell commands to modify the settings of this service or disable this service.

To check the URL for this service, use the cmdlet:

Set-DSServiceMonitorFeature -ServiceUrl https://localhost:444/StorefrontMonitor

Posted in Citrix XenApp

How to recover/reset password for a NetScaler appliance

We should avoid HA failover due to reboot, so it is recommended to set STAY PRIMARY on primary node and STAY SECONDARY on secondary node.

To reset the nsroot password, you must boot the appliance into single user mode.

Connect the console cable to the Netscaler Serial Console (9600 baud, 8 bits, 1 stop bit, No parity) of the NetScaler appliance. In case of NetScaler VPX access NetScaler through vSphere console.

1. After connecting to the Netscaler Serial Console, restart the NetScaler appliance.

2. Press Ctrl+C keys simultaneously to Boot in kernel.

3. To start the appliance kernel on a single user mode, run boot -s. If boot -s does not work, then try reboot — -s.

4. Press ENTER key to display the # prompt, and run the following command to verify the /flash drive consistency:
$ /sbin/fsck /dev/ad0s1a

5. Run the following command to display the mounted partitions:
$ df

6. Check if /flash drive is created, then run the following command to mount the flash drive:
$ /sbin/mount /dev/ad0s1a /flash

If the preceding command fails to mount the flash drive, then run the following command to create the flash directory and then run the preceding command again to mount the drive:
$ mkdir /flash

In case of NetScaler VPX on VMware, the disk uses SCSI emulation and the device name of the flash drive is da0s1a.

7. Run the following command to change to the nsconfig directory:
$ cd /flash/nsconfig

8. Create a new configuration file that does not have commands defaulting to the nsroot user:
$ grep –v “set system user nsroot” ns.conf > new.conf

9. Make a backup of the existing configuration file:
$ mv ns.conf old.ns.conf

10. Rename the “new.conf” file to “ns.conf”:
$ mv new.conf ns.conf

11. Run the following command to restart the appliance:
$ reboot

12. Log on to the appliance using the default nsroot user credentials (nsroot/nsroot).

13. Reset the nsroot user password of your choice:
$ set system user nsroot <New_Password>

Posted in Citrix XenApp

The hard disk names for the various Citrix NetScaler appliance models

When troubleshooting a NetScaler appliance we should know the hard disk partition that is mounted on the /var directory. It differs according to the NetScaler appliance model.

To check free space:
root@netscaler# df –h
Filesystem Size Used Avail Capacity Mounted on
/dev/md0c 161M 156M 2.6M 98% /
/dev/ad0s1a 237M 133M 85M 61% /flash
/dev/da0s1e 23G 8.7G 13G 41% /var
procfs 4.0K 4.0K 0B 100% /proc

To verify the mount point on the /var directory:
root@netscaler# mount
/dev/md0c on / (ufs, local)
/dev/ad0s1a on /flash (ufs, local)
/dev/da0s1e on /var (ufs, local)
procfs on /proc (procfs, local)

The hard disk names for the various Citrix NetScaler appliance models:

The following models use the /dev/ad2s1e device name for the hard disk:
-12000 series

The following models use the /dev/ad4s1e device name for the hard disk:

The following models use the /dev/ad6s1e device name for the hard disk:

These models may also use the /dev/ad0s1e device name for the hard disk, please check article CTX121853.

The following models use the /dev/ad8s1e device name for the hard disk:

The following model uses the /dev/da0s1e device name for the hard disk:

To mount a /flash drive on a NetScaler, we need a serial connection to the NetScaler appliance with the following specifications:

9600 bits per second
8 data bits
No parity
1 stop bit

To mount the missing flash drive, complete the following procedure:

1.Connect a console cable to the NetScaler appliance Serial Console.
2.Restart the NetScaler appliance.
3.Press the SPACEBAR key as soon as the following message is displayed:

Hit [Enter] to boot immediately, or any other key for command prompt
Booting [kernel] in 10 seconds

Note: On the NetScaler 7000 appliance, press the Ctrl+C keys simultaneously.

4.To start the kernel of the appliance in the single user mode, run the following command:
boot -s

5.Press the Enter key as soon as the following message is displayed:
Enter full pathname of shell or RETURN for /bin/sh:

Note: The prompt of the appliance changes to \u@\h\$.

6.Run the following command to verify the disk consistency:
\u@\h\$ /sbin/fsck <Device_Name>

7.Run the following command to verify if the flash drive is mounted:
\u@\h\$ df –k

8.If the output of the preceding command does not display the flash drive, then run the following command to mount the flash drive:
\u@\h\$ /sbin/mount <Device_Name> /flash

Note: For NetScaler 10.5, use -t ufs command with fsck and mount command.

9.Restart the NetScaler appliance.

10.From the shell prompt, run the following command to verify if the flash drive is mounted:
root # df –k

Posted in Citrix XenApp

Netscaler Basics – SSL Offload

The MPX series appliances have a Cavium SSL accelerator card and this card has the ability to handle SSL encryption/decryption cycles using a hardware card, rather than consuming valuable CPU resources. The VPX can have the SSL offload feature enabled also, however as there is no Cavium card, the SSL offload performance is not as high as an MPX appliance

1. Create a server object

“SSL Offload -> Servers” and then select “add”

The webserver is named WinWeb01 and has an IP address of

2. Create a service object to reflect the HTTP service that is running on this web server.

A NetScaler service consists of a server object, a protocol, port and a monitor.

The monitor is used to determine if the service is available, if the service is unavailable the NetScaler will mark the service as down, removing it from load balancing decisions.

3. Create a NetScaler virtual server (vServer) and provide the following information and bind the service to the vServer.

IP Address
Bound services

The IP address of the vServer will be used by clients to connect to the backend services.

Bind a certificate to the vServer, this is certificate will be presented for client connections.

Client connections should now be directed to the vServer’s IP address – The vServer will present the SSL certificate when a connection is made using HTTPS (TCP 443), any encryption/decryption of data will be processed using the NetScaler’s built in Cavium card.

Posted in Citrix XenApp

Netscaler Basics – Load Balancing

In a Netscaler load balancing setup, the load balancing server is logically (virtual server) located between the client and the server farm, and manages traffic flow to the servers in the server farm. On the NetScaler appliance, the application servers are represented by virtual entities called Services.

The components of NetScaler load balancing setup:

1. Load balancing virtual server
The IP address, port, and protocol combination to which a client sends connection requests for a particular load-balanced website or application. If the application is accessible from the Internet, the virtual server IP (VIP) address is a public IP address. If the application is accessible only from the local area network (LAN) or wide area network (WAN), the VIP is usually a private (ICANN non-routable) IP address.

2. Service
The IP address, port, and protocol combination used to route requests to a specific load-balanced application server. A service can be a logical representation of the application server itself, or of an application running on a server that hosts multiple applications. After creating a service, you bind it to a load balancing virtual server.

3. Server object
A virtual entity that enables you to assign a name to a physical server instead of identifying the server by its IP address. If you create a server object, you can specify its name instead of the server’s IP address when you create a service. Otherwise, you must specify the server’s IP address when you create a service, and the IP address becomes the name of the server.

4. Monitor
An entity on the NetScaler appliance that tracks a service and ensures that it is operating correctly. The monitor periodically probes (or performs a health check on) each service to which you assign it. If the service does not respond within the time specified by the time-out, and a specified number of health checks fail, that service is marked DOWN. The NetScaler appliance then skips that service when performing load balancing, until the issues that caused the service to quit responding are fixed.

1. Create Server Objects

Configuration > Traffic Management  > Load Balancing > Servers > Add.

Provide web servers name and IP address, create 2 or more servers

2. Create Service Group

Configuration > Traffic Management  > Load Balancing > Service Groups > Add.

Provide Name the group and set the protocol to HTTP.

Click ‘No Service Group members’ and select server based. Select Port as 80 or 443.

3. Create “Monitors” to monitor the Service.

Click ‘No service Group to Monitor Binding’. Select pre-configured HTTP monitor and Bind.

4. Create Vitrual Server. Configuration > Traffic Management  > Load Balancing > Virtual Servers > Add.

Give the Virtual Server name, Protocol- HTTP, IP address and Port -80. This will be the VIP the NetScaler presents to the outside world.

Click ‘No load balancing Virtual Servers Service Group Binding’ and select the Service Group and Bind.

Posted in Citrix XenApp