Jump to content
Welcome to our new Citrix community!

Virtual Server to StoreFront store mapping - Remove prompt for multiple stores


Recommended Posts

Long and short, I'm running a pilot on our test Citrix setup.

 

Current setup (LDAP only):

  • Pair of StoreFronts load balanced by NetScaler
  • Single store, which allows internal and external access
  • Single NetScaler Gateway Virtual Server
  • Session policies have the full URL populated for the Published Applications -> Web Interface Address (one for Web, one for Receiver/Workspace)

 

New setup (LDAP and RADIUS (Office 365 MFA):

  • Same pair of StoreFronts, load balanced by NetScaler
  • Additional store added for the MFA instance
  • Two NetScaler gateway Virtual Servers (original one and new one with secondary auth enabled)
  • Each store has only the appropriate NetScaler address added in the Remote Access Settings
  • Session policies again have full URL populated (one for Web, one for Receiver/Workspace)

 

It all works perfectly. MFA requests work correctly in web and also with the weird swapped fields in the Receiver/Workspace app.

 

The problem:

 

When adding the account via Receiver/Workspace app for the new MFA-only Virtual Server, when it makes its call to the back-end StoreFront store it's obviously detecting that there are multiple stores available and asks which to use. To make for a strong user experience during this pilot, I want to supress this message and have it automatically select the store I've created for the MFA virtual server, ignoring the existing non-MFA one. I've tried turning off 'Store Advertisement' but all this results in is all NetScaler connections failing to contact StoreFront.

 

For background on why I've tackled it using multiple stores, see my latest comment in the following post:

 

https://discussions.citrix.com/topic/371731-two-factor-authentication-issue-with-citrix-receiver-app/page/2/

 

Any ideas how I can resolve this, without resorting to a completely new, independent pair of StoreFront servers? This whole thing is only an issue while I'm trialling. Once we're fully tested and ready to push into our live environment, we'll be dropping back to a single store and associated NetScaler Gateway.

 

Am I missing something really obvious here?

multiple_stores.jpg

Link to comment
Share on other sites

Anytime the services client is only given the StoreFront FQDN without a specified store, it prompts user to select a store if more than one is available.

If using a services client, specify the STORE Name instead of the lb fqdn only. Example:  https://storefront.demo.com/Citrix/NewStore-1

Or use a provisioning file with the store specified.

Or in storefront HIDE the stores you don't want advertised.  Its a store property.  If only one is unhiddent, users using the FQDN only will get to the only non-hidden store.

 

 

Link to comment
Share on other sites

1 hour ago, Rhonda Rowland1709152125 said:

Anytime the services client is only given the StoreFront FQDN without a specified store, it prompts user to select a store if more than one is available.

If using a services client, specify the STORE Name instead of the lb fqdn only. Example:  https://storefront.demo.com/Citrix/NewStore-1

Or use a provisioning file with the store specified.

Or in storefront HIDE the stores you don't want advertised.  Its a store property.  If only one is unhiddent, users using the FQDN only will get to the only non-hidden store.

 

 

Hi Rhonda, that's really useful info, thanks. We do actually always specify the full URL to the store (even when we only had one store) for both Web and Receiver profiles. The Web versions are critically dependent on that URL suffix so we know that works. It doesn't seem to matter what I put as the URL suffix for the Receiver profile though. When going in via the Gateway, it always prompts for the store to use.

 

I have just tested connecting Receiver directly to the StoreFront server, using the full URL with store suffix and it works exactly as you said, which is a good first step.

 

When I populate the same URL details into the Gateway session policy though, it still prompts for which store to use.

Link to comment
Share on other sites

Thanks Rhonda.

  • Store / Web Interface URL = https://FQDN/Citrix/StoreName/ (tried with and without trailing slash, IP instead of FQDN and the web suffix /Citrix/StoreNameWeb/ for good measure)
  • Account Services URL = https://FQDN/Citrix/StoreName/ (tried the same as above and also without specifying anything after the FQDN)
  • Receiver Homepage = BLANK

None of the above are specified globally so they're all set to override.

 

Policy expressions as follows:

  • Web sessions = REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver
  • Receiver sessions = REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver

We're running NetScaler v13.0 83.27.nc

Link to comment
Share on other sites

On 3/8/2022 at 7:59 PM, edgillilandgreatdane.com said:

Is that what this" Configure Unified Experience is for" image.thumb.png.3eb7567d4c9d5fea6b3ace5f2944848d.png

Hmm, I don't think so but good point. That would default one of the stores, whereas I'd need to default it differently for each inbound Gateway Server virtual server, so still wouldn't work.

 

To be honest, I've given up on this and removed the whole problem from the equation but creating two new StoreFront servers and pointed our new Citrix Gateway virtual server to them. Works like a charm and removes any risk of breaking existing setup. Once we're happy with the pilot, we'll retire our old StoreFronts.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...