Installing and Configuring Citrix StoreFront 2.0


With the release of Citrix XenDesktop 7, Citrix also released Citrix StoreFront 2.0. One of the biggest improvements is that StoreFront does not use a Microsoft SQL database anymore! This simplifies the installation because you no longer need to run the database setup scripts. Also the HTML5 HDX Receiver is now fully integrated into StoreFront and is no separate installation anymore.

This guide describes the step-step installation of Citrix StoreFront 2.0, how to configure the StoreFront server, including secure connection over HTTPS, IIS default site redirection, HTML5 HDX fallback receiver and Remote Access with NetScaler Access Gateway.

For the secure connection over HTTPS you need to install a server certificate (described in this guide), make sure you have Active Directory Certificate Servers with the Certification Authority and the Certification Authority Web Enrollment roles installed in your environment.  Also make sure the root CA is installed on every client and StoreFront server.

Installing Citrix StoreFront 2.0


Start the setup, select I accept the terms of this license agreement and click Next


Click Next


Click Install


Click Finish 

The administration console will now start automatically. To enable a secure connection over HTTPS, it is important to first install the server certificate before configuring StoreFront. 

Installing a Server Certificate

When using more than one StoreFront servers in your environment, make sure you have a DNS Host (A) record created pointing to the StoreFront load balancer address. It’s important to use that name for the server certificate.


Open the Internet Information Services (IIS) Manager and open Server Certificates


On the right side of the window click Create Certificate Request


Fill in the requested information. By Common name fill in the StoreFront load balancer address, for this case I use “storefront.hobo.lan”.


Select Microsoft RSA SChannel Cryptographic Provider and a 2048 bit length.


Save the request to a text file and click Finish


Open Internet Explorer and browse to http://<your Certification Authority server/certsrv
Click on Request a certificate


Click on advanced certificate request


Click on Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file


Open the saved request file, select all text and copy the text into the Save Request field. Select Web Server as Certificate Template and click Submit


Select Base 64 encoded and click Download certificate to download the certificate file.


Go back to the Internet Information Services (IIS) Manager and click Complete Certificate Request


Browse to the certification file, enter a Friendly name, and select Personal as certificate store. Click OK


On the left side of the window, select Default Web Site, on the right side, click Bindings


Click Add


Select HTTPS as Type and select the StoreFront SSL certificate. Click OK


Click Close

Configuring Citrix StoreFront 2.0

In the next part I will setup the Store and configure the basic settings including adding the NetScaler, edit the authentication methods, configuring trusted domains and manage password options.


Open the StoreFront management console and click on Create a new deployment


The Base URL is filled in automatically, click Next


Enter a Store name (anything you like) and click Next


Click Add


Fill in the requested information about the Delivery Controller you want to add and click OK


If you want to add more Delivery Controllers click Add again, otherwise click Next


Now you can add the NetScaler Gateway. This step is optional, if you do not have a NetScaler configured in your environment you can select None. For this blog I will add my NetScaler, so I select Full VPN tunnel and click on Add


Fill in the requested information for the NetScaler. The NetScaler Gateway URL is “HTTPS://<domainname>/Citrx/<storename>Web”. The Subnet IP address is optional and can be left blank. Click Next


Click Add


Enter the STA of you Delivery controller and click OK


Click Create


Click Create


Click Finish


On the left side click Authentication, on the right side click Add/Remove Methods


Select what is applicable and click OK


Click on Configure Trusted Domains


When configuring a Trusted Domain, the user does not need to enter the domain name at logon. Configure what is applicable and click OK.


Click on Manage Password Options


Select what is applicable and click OK

 IIS Default site redirection

 In the Citrix StoreFront management console there is no option to set the StoreFront Receiver for Web URL to the server default website like the old Citrix Web Interface (WI). Without configuring Default site redirection, a user always needs to enter the full StoreFront Receiver for Web URL, including the “/Citrix/<storename>Web. A good way to configure this is within the Internet Information Services (IIS) Manager.


Open the Internet Information Services (IIS) Manager. On the left side browse to the Default Web Site. On the right side double click HTTP Redirect


Select Redirect requests to this destination and add your StoreFront Receiver for Web Site URL. Select Redirect all request to exact destination and Only redirect requests to content in this directory. Click Apply on the button in the top right corner.

Now when a user enters the default web site URL he will be redirected to the StoreFront Receiver for Web URL.

Enable the HTML5 HDX fallback receiver

This cool feature is now fully integrated within StoreFront 2.0, you only have to enable it within the StoreFront management console.


On the left side click on Receiver for Web, on the left side click on Deploy Citrix Receiver


Select Use Receiver for HTML5 if local install fails, this will first check if a local Receiver is available and if not, the webinterface will give the option to download and install it. If the installation fails or the users logs in without installing it, the webinterface falls back to the Receiver for HTML5.

 Or, select Always use Receiver for HTML5, now the web interface will always use Receiver for HTML5, it will not check for a local installed version and it will not give the option to download it at logon.

 Click OK

If you connect to the StoreFront webinterface trough the NetScaler these steps are enough to let the HTML5 receiver work. But if you connect local to the StoreFront webinterface you have to apply the following Citrix Computer Policies to your XenApp and/or XenDesktop servers first;


WebSockets Connections – Allowed
WebSockets port number – 8008 (default)
WebSockets trusted origin server list – *

When using Mozilla Firefox users must set network.websocket.allowInsecureFromHTTPS to True in the about:config


You can now logon to the Citrix StoreFront webinterface and start your published applications and desktops.


If the HTML5 Receiver is configured well, a Windows 8 Published desktop will open in a new browser tab as shown in the picture above, how cool is that? 😉

Robin Hobo works as a Technical Consultant with main focus on Mobility and Application & Desktop delivery. He is specializes in Citrix, Microsoft and AppSense products.