So this is one of those topics why I actually started this blog. I’m preparing our environment for a big upgrade off all Citrix Receivers, implement Storefront and decommission our last two webinterface servers. A nice job which already gave me quite a headache. So in this tut I will try to give you the complete tutorial how to implement NSGW with Storefront so the Receiver can actually SSO, and all traffic is routed through the NetScaler Gateway.
Posts Categorized: Group Policies
At the moment I’m preparing for my CCE exam and one of the things I like to do is perform several setups. For this tutorial I implemented a XenDesktop & XenApp 7.5 server. A StoreFront server and a virtual NetScaler with a developer license. I already have in place a CA for my self signed certs, the domain joined machines automatically trust the Root CA cert and a Domain Controller is in place.
The goal of the tutorial is to get the StoreFront websites running on SSL. The XML traffic should be encrypted and the NetScaler has to connect to the StoreFront servers through SSL. Let’s start!
After decommisioning one of our old XenApp 4.5 servers today we experienced that normal (not admin) users could enumerate their apps through Citrix Webinterface or the online plugin. Admin users did not experience this strange behaviour.
I created a PowerShell script that runs scheduled under serviceaccount credentials. When executing the task I got an access denied. Investigating the problem I noticed that the Do not store password. The task will only have access to local computer resources checkbox was enabled. With this box enabled you cannot perform remote tasks (including writing to network shares).
So Internet Explorer contains a feature that’s called Content Advisor and can block and allow sites. Content Advisor can be managed with GPO but it’s very tricky, especially in a SBC environment.