Jeremy Holt1709154335 Posted June 13, 2016 Share Posted June 13, 2016 I'd like to provide a little more context to this issue, and to the resolution. I worked with Citrix support on this issue for quite a while, even though I rebuilt the environment for my client, as I needed it resolved sooner that the support case would take. The issue only occurs if you install storefront from the 7.8 complete installer. If you download the Storefront 3.5 installer, you will not have this issue. The storefront developer I spoke with stated that he believed it was an issue with how the all in one installer was packaged. We confirmed this, by using the stand alone StoreFront 3.5 installer. StoreFront 3.6 did come out on June 1st, however it's not packaged with the 7.8 installer, so it won't help in that instance. I assume the stand alone installer of 3.6 will work just fine, as well. If you have already installed StoreFront using the 7.8 installer, and you have this issue, there is a work around without having to rebuild your entire storefront configuration. Install storefront 3.5 using the stand alone installer, to another server, and then join it to the first server. This will copy over all of the configuration settings, and you can then remove the first server from the storefront group. If you need to go back to the first server, you can simply uninstall storefront, reinstall with the stand alone installer, and join it to the storefront group. Then remove the new server from the group and uninstall. I had to do this with a client. We had 2 servers installed with the 7.8 installer, so we staged another storefront server, using the stand alone installer, joined it to the group, then removed the other 2 servers, uninstalled, reinstalled joined, and then removed the new server. Hope that helps someone else. 1 Link to comment Share on other sites More sharing options...
Andrew Johnston Posted June 17, 2016 Share Posted June 17, 2016 Also check the IIS website bindings for the site Storefront is using. This issue was driving me bananas until I changed the bindings back to default. Essentially the IIS website bindings need to be configured so that it's ... ...listening on all IP addresses on port 80 with no host headers, and all IP addresses on port 443 with no host headers. Absolutely nothing else at all. Essentially do not share the default website with anything else and do not customise the default site bindings. If this was in any documentation I sure as hell missed it. Don't know if this will solve anyone else's problem, but it solved it for me. Most of my hair is now growing back... Link to comment Share on other sites More sharing options...
Dany Bongen Posted October 20, 2016 Share Posted October 20, 2016 Got the same issue in an installation where StoreFront had been installed from the 7.8 installation media in a redundant deployment. The workaround from Jeremy Holt didn't work in my case. To resolve the issue, I had to reinstall StoreFront 3.5 to a 3rd server and configure a completely new deployment. Then I uninstalled StoreFront from my 2 StoreFront servers and reinstalled it from the standalone package. After joining the servers to the new deploymend I removed the 3rd server. I double-checked with Citrix support before doing this, there is no other fix. Link to comment Share on other sites More sharing options...
Markus Fumasoli1709152661 Posted October 25, 2016 Share Posted October 25, 2016 I solved this issue with a change in the web.config file under the Roaming folder. I found out, that there is a path to /Citrix/Authentication under the <tokenManager> section on a storefront installation over the XenDesktop Controller installation wizard: <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218"> <add id="79993481-fcc1-42e2-90bc-540f0491d106" location="http://citrix-xd.xyz.local/Citrix/Authentication/auth/v1/token" verifyId="47e2c2ae-3a84-4168-801f-36ea94dd7d0e" /> </trustedIssuers> <allowedAudiences> <add name="http-citrix-xd.xyz.local" audience="http://citrix-xd.xyz.local/" /> </allowedAudiences> </service> </services> </tokenManager> On a deployment with the standalone installer the <tokenManager> looked like this (no "add id" section) <tokenManager> <services> <clear /> <service id="835f2d8a-3f1a-4374-b35e-f01bf2c3827e" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="f183351c-0b04-4a97-90b1-42938f02a63a" /> <allowedAudiences> <add name="http-srvpvs01" audience="http://srvpvs01/" /> </allowedAudiences> </service> </services> </tokenManager> After i removed the "add id" section, the Receiver configuration works as desired <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218" /> <allowedAudiences> <add name="http-citrix-xd.xyz.local" audience="http://citrix-xd.xyz.local/" /> </allowedAudiences> </service> </services> </tokenManager> 8 Link to comment Share on other sites More sharing options...
Markus Fumasoli1709152661 Posted October 25, 2016 Share Posted October 25, 2016 I solved this issue with a change in the web.config file under the Roaming folder. I found out, that there is a path to /Citrix/Authentication under the <tokenManager> section on a storefront installation over the XenDesktop Controller installation wizard: <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218"> <add id="79993481-fcc1-42e2-90bc-540f0491d106" location="http://citrix-xd.xyz.local/Citrix/Authentication/auth/v1/token" verifyId="47e2c2ae-3a84-4168-801f-36ea94dd7d0e" /> </trustedIssuers> <allowedAudiences> <add name="http-citrix-xd.xyz.local" audience="http://citrix-xd.xyz.local/" /> </allowedAudiences> </service> </services> </tokenManager> On a deployment with the standalone installer the <tokenManager> looked like this (no "add id" section) <tokenManager> <services> <clear /> <service id="835f2d8a-3f1a-4374-b35e-f01bf2c3827e" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="f183351c-0b04-4a97-90b1-42938f02a63a" /> <allowedAudiences> <add name="http-srvpvs01" audience="http://srvpvs01/" /> </allowedAudiences> </service> </services> </tokenManager> After i removed the "add id" section, the Receiver configuration works as desired <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218" /> <allowedAudiences> <add name="http-citrix-xd.xyz.local" audience="http://citrix-xd.xyz.local/" /> </allowedAudiences> </service> </services> </tokenManager> 4 Link to comment Share on other sites More sharing options...
Markus Fumasoli1709152661 Posted October 25, 2016 Share Posted October 25, 2016 I solved this issue with a change in the web.config file under the Roaming folder. I found out, that there is a path to /Citrix/Authentication under the <tokenManager> section on a storefront installation over the XenDesktop Controller installation wizard: <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218"> <add id="79993481-fcc1-42e2-90bc-540f0491d106" location="http://citrix-xd.xyz.local/Citrix/Authentication/auth/v1/token" verifyId="47e2c2ae-3a84-4168-801f-36ea94dd7d0e" /> </trustedIssuers> On a deployment with the standalone installer the <tokenManager> looked like this (no "add id" section) <tokenManager> <services> <clear /> <service id="835f2d8a-3f1a-4374-b35e-f01bf2c3827e" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="f183351c-0b04-4a97-90b1-42938f02a63a" /> After I removed the "add id" section, the Receiver configuration works as desired <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218" /> 2 Link to comment Share on other sites More sharing options...
Wojciech Misiara Posted November 21, 2016 Share Posted November 21, 2016 removing <add id> worked for us, thank you 1 Link to comment Share on other sites More sharing options...
Dennis de Groot1709156568 Posted December 6, 2016 Share Posted December 6, 2016 I solved this issue with a change in the web.config file under the Roaming folder. I found out, that there is a path to /Citrix/Authentication under the <tokenManager> section on a storefront installation over the XenDesktop Controller installation wizard: That worked like magic...! After removing the line the Citrix App started working right away... Thx for sharing! 1 Link to comment Share on other sites More sharing options...
Vitalij Belcenko Posted January 10, 2017 Share Posted January 10, 2017 Removing the line <add id> helped me also on XD 7.11, StoreFront 3.7 Thank you very much. 1 Link to comment Share on other sites More sharing options...
Juan Mejia Posted February 9, 2017 Share Posted February 9, 2017 Removing <add id> fixed for Receiver 4.6, StoreFront 3.6, and XenDesktop 7.9 1 Link to comment Share on other sites More sharing options...
Marco Hofmann Posted February 10, 2017 Share Posted February 10, 2017 We had the same problem. Removing the <add id> didn't solve this issue for me. We had a case with Citrix open, and the only solution was to reinstall Storefront 3.8. https://support.citrix.com/article/CTX213052 -- Marco Hofmann https://www.meinekleinefarm.net/ Link to comment Share on other sites More sharing options...
Gertjan Jongeneel Posted February 20, 2017 Share Posted February 20, 2017 I did remove <add id> within a StoreFront 3.8 environment facing this problem today and it worked. On first try, I did not read carefully, as the change should be made within the web.config file in the Roaming folder (not in the folder of a specific store). After the removal of the <add id> section (on bothe StoreFront servers), it started to work instantaneously. No restart of services or else needed. Link to comment Share on other sites More sharing options...
Jan Krajcik Posted April 18, 2017 Share Posted April 18, 2017 Brilliant! Removing <add id> worked for me as well. Netscaler 11.1, XA 7.12, StoreFront 3.8 Many thanks, Jan Link to comment Share on other sites More sharing options...
Chris Kendrick1709155247 Posted May 16, 2017 Share Posted May 16, 2017 Removing the <add id> worked for me. NetScaler 11.1, XA 7.13, SF 3.9. Also note that you need to change the <trustedissuers ....> line to where it ended in /> and removed the </trustedissuers> line below <add id....> Link to comment Share on other sites More sharing options...
Marco Hofmann Posted May 22, 2017 Share Posted May 22, 2017 This may be fixed with Storefront 3.11: When you select a configured Site during the setup of XenDesktop, a default store might be created in StoreFront that uses the default Authentication Service. If you remove this store, users of Citrix Receiver for Windows cannot add any other stores and the following error message might appear: "A protocol error occurred while communicating with the Authentication Service." [#LC6664] http://docs.citrix.com/en-us/storefront/3-11/about/fixed-issues.html -- Marco Hofmann https://www.meinekleinefarm.net Link to comment Share on other sites More sharing options...
Timothy Cochran Posted May 26, 2017 Share Posted May 26, 2017 I have figured out what the problem is. (No thanks to Citrix support). Its a bug. Just waiting to get a fix from them. The issue is that if you delete the default store that is created when you install Storefront, it breaks authentication. If you edit the default store or leave it as is and add your own store, everything works fine. Once you delete the default store, Authentication is broken. You can fix this by uninstalling Storefront and reinstalling it but I want a fix as I have already customized this store. I figured this out by installing a new Storefront server that worked fine until I deleted that default store called "Store Service" Nick Nick did you ever get an answer for this? This might be a faster compared to uninstalling storefront: "$Env:PROGRAMFILES\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1" Run the Clear-DSConfiguration command, which resets the server to default settings. ref: https://docs.citrix.com/en-us/storefront/3/sf-install-standard/dws-deploy-join.html Link to comment Share on other sites More sharing options...
Mark Hodges Posted July 24, 2017 Share Posted July 24, 2017 Thankfully there are smarter people then citrix support out there. Just saved me hours of freaking work by editing the web.config file. Why is it that customers can figure this out but the idiots who create the software can't.... Link to comment Share on other sites More sharing options...
William Fulmer Posted August 4, 2017 Share Posted August 4, 2017 Thankfully there are smarter people then citrix support out there. Just saved me hours of freaking work by editing the web.config file. Why is it that customers can figure this out but the idiots who create the software can't.... Same situation here. Troubleshot for a few hours and came across this. XenDesktop 7.14.1, StoreFront 3.11 and Receiver for Windows 4.8 Link to comment Share on other sites More sharing options...
Ryan Gallier Posted November 9, 2017 Share Posted November 9, 2017 Thank you. Removing <app id> also worked for me. All installed from the 7.15 LTSR ISO. SF 3.12 Receiver 4.9. Link to comment Share on other sites More sharing options...
Nicolas Benedetti Posted November 30, 2017 Share Posted November 30, 2017 Excellent, Works for Me Link to comment Share on other sites More sharing options...
Devansh Saluja Posted February 8, 2018 Share Posted February 8, 2018 Hi Everyone, Not sure if this helps now or not but if someone is still finding the problem then the issue was resolved in Storefront 3.11 or later. The fix was out - https://docs.citrix.com/en-us/storefront/3-11/about/fixed-issues.html Link to comment Share on other sites More sharing options...
oraat Posted August 16, 2018 Share Posted August 16, 2018 Hi, this issue is not resolved in newer versions. I just installed components from XA&XD 7.15.2000 LTSR dvd (SF is version is 3.12.2000.8), and this same problem exists. I also tried this remove "add id" section trick with no help. ONLY removing/reinstalling SF completely fixed it. Thank you. Link to comment Share on other sites More sharing options...
Ganesh Raju Posted October 4, 2018 Share Posted October 4, 2018 @oraat, This issue will be addressed in 7.15 LTSR CU3. Link to comment Share on other sites More sharing options...
Vitalij Belcenko Posted February 20, 2019 Share Posted February 20, 2019 On 10/4/2018 at 7:42 AM, Ganesh Raju said: @oraat, This issue will be addressed in 7.15 LTSR CU3. It doesn't look like resolved in CU3. I am not able find anything about this problem in Fixed issues. Does anyone test it after CU3 installation? Link to comment Share on other sites More sharing options...
Tim Hall1709159754 Posted May 1, 2019 Share Posted May 1, 2019 On 10/25/2016 at 10:27 AM, Markus Fumasoli1709152661 said: I solved this issue with a change in the web.config file under the Roaming folder. I found out, that there is a path to /Citrix/Authentication under the <tokenManager> section on a storefront installation over the XenDesktop Controller installation wizard: <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218"> <add id="79993481-fcc1-42e2-90bc-540f0491d106" location="http://citrix-xd.xyz.local/Citrix/Authentication/auth/v1/token" verifyId="47e2c2ae-3a84-4168-801f-36ea94dd7d0e" /> </trustedIssuers> <allowedAudiences> <add name="http-citrix-xd.xyz.local" audience="http://citrix-xd.xyz.local/" /> </allowedAudiences> </service> </services> </tokenManager> On a deployment with the standalone installer the <tokenManager> looked like this (no "add id" section) <tokenManager> <services> <clear /> <service id="835f2d8a-3f1a-4374-b35e-f01bf2c3827e" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="f183351c-0b04-4a97-90b1-42938f02a63a" /> <allowedAudiences> <add name="http-srvpvs01" audience="http://srvpvs01/" /> </allowedAudiences> </service> </services> </tokenManager> After i removed the "add id" section, the Receiver configuration works as desired <tokenManager> <services> <clear /> <service id="eb2f00ee-f116-4868-b630-c92ec645adde" displayName="Roaming Consumer"> <relyingParties signingId="_" defaultLifetime="01:00:00" maxLifetime="01:00:00" /> <trustedIssuers decipherId="39d87e3b-0f49-4316-92bf-3a7e4d8ee218" /> <allowedAudiences> <add name="http-citrix-xd.xyz.local" audience="http://citrix-xd.xyz.local/" /> </allowedAudiences> </service> </services> </tokenManager> I can confirm that this worked in our environment as well. After reming out the add id section the protocol error was remediated. Thanks so much for this fix. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now