Tracing Network Traffic from Receiver for Web to StoreFront Services

Tracing Network Traffic from Receiver for Web to StoreFront Services

book

Article ID: CTX692943

calendar_today

Updated On:

Description

This article is intended for Citrix administrators and technical teams only.


Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information.

This article describes how to obtain a Fiddler trace of the network traffic between the Receiver for Web Proxy and the StoreFront services.

Important Recommendations:

  • This procedure should only be performed in a non-production environment, to avoid capturing and exposing sensitive data.

  • The confidentiality and integrity of outbound SSL connections proxied through Fiddler might be compromised while traffic is being captured.

  • If explicit authentication is enabled in Receiver for Web, user passwords will appear in the trace in clear text.

Instructions

Complete the following procedure to obtain the fiddler trace of network traffic:

  1. Log on to the StoreFront server as a local user with administrator privileges.

  2. Edit the web.config file for the Receiver for Website and enable Fiddler tracing:

    <proxy enabled="true" processName="Fiddler" port="8888" />

    The web.config file is typically located at: C:\inetpub\wwwroot\Citrix\StoreWeb\web.config.

  3. Run IIS Manager and click Application Pools under the server node. Select the application pool named “Citrix Receiver for Web” and click Advanced Settings.

  4. Change the Application Pool Identity to Custom Account and specify the same account used to log on to the StoreFront server.

  5. Install and run Fiddler on the StoreFront server (still logged on as the same local administrator user).

  6. On Fiddler’s File menu, clear the Capture Traffic check box. This is not required because network requests from Receiver for Web are sent directly to Fiddler.

  7. On Fiddler’s Tools menu, select Fiddler Options.  

  8. On the HTTPS tab, select Decrypt HTTPS traffic option.

  9. Run Fiddler on the StoreFront server and export all Fiddler sessions after reproducing the issue.

Note To use any web proxy tool (Example: Fiddler) to capture the network traffic between Receiver for Web and StoreFront Service,  the Loopback feature must be switched off. Run the following command to disable Loopback:

Set-DSLoopback -SiteId 1 -VirtualPath /Citrix/StoreWeb `
-Loopback OnUsingHttp -LoopbackPortUsingHttp 81

When the trace has been captured, log on to the StoreFront server as the same local administrator user that installed Fiddler and complete the following steps to restore the system to its previous state:

  1. Run IIS Manager and reset the identity for the “Citrix Receiver for Web” application pool to the built-in account “ApplicationPoolIdentity”.

  2. Uninstall Fiddler.

  3. Run certmgr.msc and remove the Fiddler root certificate “DO_NOT_TRUST_FiddlerRoot” from the Trusted Root Certification Authorities store.

  4. Edit the web.config file for the Receiver for Website and disable Fiddler tracing.

    <proxy enabled="false" processName="Fiddler" port="8888" />

Issue/Introduction

This article describes how to obtain a Fiddler trace of the network traffic between the Receiver for Web Proxy and the StoreFront services.
Powered by Wolken Software