


This is because the best practice is to always use SSL, whether on the front end for clients or for backend communication to your servers. I always take this approach in Production environments. Anytime I deploy something I take on a FIPS 140-2 mindset: even though you may not have to worry about FIPS compliance right now, you may need to do something similar later, even through another regulatory body, so it’s best to start out on the right foot and secure your infrastructure anytime you build something, no matter what industry you are in. In a nutshell, encrypt everything in your datacenter. An attacker gaining a foothold in your datacenter is all too common these days, so make it as hard as possible for them to sniff out traffic. Citrix doesn’t want you to add an HTTP based StoreFront URL here. That’s fine, but we’re adding an HTTPS based NetScaler Gateway URL.

In some environments I’ve seen, people like to use the NetScaler Gateway for HTTPS traffic to the clients, but leave the backend to StoreFront on HTTP over port 80. This saves just a little bit of cash on buying another cert and shaves a few minutes off a StoreFront deployment (binding an SSL cert in IIS). Not worth it in my opinion, but I’ve seen it. In my case I had done this setup in my lab in the interest of time for a quick XenApp 7.12 demo, where I just changed my NetScaler Gateway session policy to go from my normal Production environment to this new demo environment. And that’s when I noticed this was failing for Windows Receivers. In some cases, you may want to force an HTTP StoreFront URL against best practices. This can be accomplished by following this CTX article from Citrix called “How to Configure Citrix Receiver for Windows to Manually Add HTTP Stores”. We’re adding an HTTPS URL from the NetScaler Gateway and not direct StoreFront. Because the backend StoreFront Base URL is HTTP, the Windows Receiver sees this in its config after authenticating against the NetScaler Gateway and pulling down the config. Other Receivers are fine, but the Windows Receiver fails. It seems to need this registry key even though you’re adding an HTTPS URL. I want to take a minute to point out that CitrixAGBasic is NOT failing.

Do a debug on your NetScaler Gateway and it’s fine. Check the “Citrix Delivery Services” event log on your StoreFront servers and it is clean. It’s purely a client issue that occurs after authentication takes place and the client begins talking to StoreFront. Open regedit and navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle

Now in a lab or small demo environment this is fine because you can control this. In a Production environment you would have to edit this registry key via Group Policy and push it down to all your clients. Of course you won’t be able to do that for home users, so they’ll constantly call the Help Desk for help on this saying Receiver is broken.
