1. Kemp Support
2. Knowledge Base
3. Applications

How To - Troubleshoot StoreFront for Citrix Virtual Apps and Desktops

Updated: July 14, 2023 20:22

 Scope

This article will aim to assist in troubleshooting the various steps between Authenticating to Storefront and launching a published Virtual App or Desktop. This KB will be continuously updated.

Please reference Citrix StoreFront for Virtual Apps & Desktops Doc. 

 

Points Covered

1. Double Authentication

2. Redirect Loop

3. Incorrect URL in Browser after Authenticating

4. 404 Not Found

5. Idle Sessions

6. Launching an Application from Browser

7. Adding a Citrix Workspace Account

 

 

ESP Authentication

 

Double Authentication

Behaviour

Client logs into StoreFront via ESP, after Authenticating client is greeted with the Citrix StoreFront login Form.

Solution

1. Navigate to StoreFront Browser Auth ESP Sub VS ESP Settings ensure Form POST Format STORENAME is correct. it should resemble the following. /Citrix/kempWeb/PostCredentialsAuth/Login
2. On your Citrix Storefront Servers, ensure “HTTP Basic” Authentication is enabled, found under "Authentication Methods".  

 

Redirect Loop

Behaviour

If client logs in and the Browser says the site is not behaving correctly, enable Developer Tools and see if a Redirect Loop is occurring. If yes, do the following.

Solution

Check to see if Client is receiving a “CTXAuthID” Cookie. If they don’t receive this cookie, they will consistently be sent into the Storefront Browser Auth ESP Sub VS and loop.

Ensure HTTP Basic is enabled 

1. On your Citrix Storefront Servers, ensure “HTTP Basic” Authentication is enabled, found under "Authentication Methods".  
2. If enabled, you may have to modify the ESP SSO Domain Realm from Principal to Username. 

 

Incorrect URL in Browser after Authenticating

Behaviour

After authenticating the client has “External.Domain.com” in the browser.

Solution

Navigate to Rules & Checking > Content Rules > URL Modifications. and ensure rule “Citrix_Redirect_X” has the correct URL configured. By default, it’s “External.Domain.com/Citrix/STORENAMEWeb”. Both the FQDN and URL STORENAME need updating.

 

404 Not Found

Behaviour

After Authenticating the Browser returns "404 not found".

Solution

Ensure Clients “Citrix_Browser_URL” rule is configured correctly. It should rewrite from Root to Path. and should resemble the following. /Citrix/kempstoreWeb/.  See section in Doc  9.1 Header Modifications

 

Idle Sessions

Behaviour

Client tries to launch an application and the app just spins. Refreshing the browser takes the client back to the kemp logon page.

Solution

1. Ensure StoreFront is version 1912 LTS or greater.

2. Ensure your Logoff String is correctly configured. Navigate to Rules & Checking > Content Rule.

3. If correctly set, try increasing the "SessionState" time to 25 Mins, see section 8 Appendix in Doc. 

 

Launching Applications

When an application is Launched the LoadMaster will Rewrite the ICA file. If you enable L7 Debug Traces you will see the below taking place. 3 Settings in the ICA file will be modified.

1. Address=192.168.10.136:1494 > SSLProxyHost=citrix.kempdemo.com:4432
2. GatewayAddress=citrix.kempdemo.com > Address=citrix.kempdemo.com
3. SSLEnable=Off > 'SSLEnable=On

 

This means that the client is going to initiate an external secure connection to “Citrix.kempdemo.com” over port 4432. Please ensure that this port is open on the Firewall.

 

KEMP kernel: L7: ffff888070cacc88: mangle_body called with 'Address=192.168.10.136:1494

KEMP kernel: L7: ffff888070cacc88: mangle_body returning 'SSLProxyHost=citrix.kempdemo.com:4432

2020-06-29T10:34:16+00:00 KEMP kernel: L7: ffff888070cacc88: mangle_body called with 'GatewayAddress=citrix.kempdemo.com

2020-06-29T10:34:16+00:00 KEMP kernel: '

2020-06-29T10:34:16+00:00 KEMP kernel: L7: ffff888070cacc88: mangle_body returning 'Address=citrix.kempdemo.com

2020-06-29T10:34:16+00:00 KEMP kernel: '

2020-06-29T10:34:16+00:00 KEMP kernel: L7: ffff888070cacc88: mangle_body called with 'SSLEnable=Off

2020-06-29T10:34:16+00:00 KEMP kernel: '

2020-06-29T10:34:16+00:00 KEMP kernel: L7: ffff888070cacc88: mangle_body returning 'SSLEnable=On

 

It’s also possible that an Internal FQDN will be returned instead of an IP Address. To Confirm do the following. 

1. log into Storefront.
2. When it asks to detect Receiver, Cancel and select “Already Installed”.
3. Click on an Application and download the ICA file.
4. Open using Notepad and note the “Address=” setting.

The above image shows the internal IP Address. So your Body Response rule must match the IP Address and Port Number.

Note: If Port “:1494” is not appended to the IP or FQDN, remove it from each of the body response rules.

If ICA file correctly rewritten it should look like the following. 

 

 

Endpoint Settings

Ensure the Virtual Services have the correct destination ports configured on the VS. Port TCP 2598 or Port 8008 for HTML5 as shown above.

 

Launching Application using Workspace

Behaviour

Client tries to launch an application from Workspace a receives a message "missing Address". 

Solution

1. Ensure StoreFront default ICA file is configured with additional setting. See section in Doc

7.3 Step 3: Modify the ICA File

 

 

 

Adding Citrix Workspace Account

If adding a User account to the Citrix Workspace Application and you see the below message, ask client to install Workspace 1818 and then upgrade to latest version if required.

 

---

Comments