Jump to content
  • NetScaler does not publish remote virtualized resources (Apps & Desktops) when publishing the resources through NetScaler instead of StoreFront

    Ricardo José Garrido Reichelt
    • Validation Status: Validated
      Has Video?: No

    When publishing internal virtualized resources, it is common to use NetScaler  as Load Balancer  and security element (EPA , WAF , BOT , IP Reputation ) to protect the access to the virtualized company resources (Apps & Desktops; CVAD ).


    At some stage the organization might have the additional need to publish internal Web Applications to the business users. To be able to do so via NetScaler  it would be required to change certain settings, so that NetScaler  does publish the content to the user and not StoreFront.


    The settings that need to be changed for this purpose are:

    • CVPN turned to ON
    • ICA Proxy turned to Off

    CVPN Setting change




    ICA Proxy setting change



    Expected Outcome:


    Virtualized Apps & Desktop and also published bookmarks are being shown. In this example the SharePoint Web is the shared Web resource.




    In the case we have a setup with a single StoreFront Server, which FQDN is used in the “Web Interface Address” configuration, we will experience no problem and the expected outcome above will be shown.


    Yet if we have following common setup when deploying our CVAD & NetScaler Infrastructure, we will run into a problem where the virtualized applications and desktops will not be displayed by NetScaler.



    The setup where this situation will reproduce is the following:

    • A DNS record for the StoreFront FQDN entry is set in the DNS Record section of NetScaler.
    • This DNS record is the one we are using in the session policy of the NetScaler Gateway in the “Web Interface Address” under Published Applications in the Session Profile.
    • Also this DNS record will be pointing to our Load Balancing Virtual Server
    • The Load Balancing Virtual server was configured with a public IP even if it would not be public available and only reached by the Virtual Gateway.
    • And the Load Balancing Virtual Server will be pointing to our StoreFront farm (A/P or Cluster)

    When configured with CVPN turned to ON & ICA Proxy turned to OFF the virtualized elements will not be shown as expected.


    Here an example of the problem, where NetScaler is the publishing part, and where the virtualized elements are missing and only the Bookmarked elements are being shown:




    The described problem has to do with the Single Sign On policy. The IP for the Load Balancing VIP is being resolved as it is considered a public IP (remember the configuration), consequently the Single Sign On is turned off. It is required that the SSO is pushed by a Traffic Policy.


    This behavior has been put in place for security reasons in previous NetScaler versions.


    To fix this situation, it is required to create a traffic policy which is bound to the Gateway VIP as described in the following documentation reference:




    The same can be accomplished by making the required changes via the NetScaler User Interface as we can extract from the below image.




    After the changes we should experience the expected behavior where we should see the publishing of:


    • Virtualized Desktops
    • Virtualized Apps
    • Published Applications by NetScaler (Bookmark section of the Gateway Appliance, in this case as example SharePoint Web)



    User Feedback

    Recommended Comments

    There are no comments to display.

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...