The following scenarios provide an understanding of when to use the StoreFront server FQDN and/or NetScaler Gateway FQDN in an App Controller solution when connecting from a mobile device:

Internal Users Connecting to StoreFront Server

• Scenario 1 – Legacy (PNA) Site and No Store Available

• Scenario 2 – No Legacy (PNA) Site but Store is Available

• Scenario 3 – No Legacy (PNA) Site but Custom Store Name is Available

• Scenario 4 – Legacy (PNA) Site and Store is Available

• Scenario 5 – Use Email-Based Account Discovery

• Scenario 6 – Run the StoreFront Provisioning File

External Users Connecting Through NetScaler Gateway

• Scenario 1 – Use Email-Based Account Discovery

• Scenario 2 – Run the StoreFront Provisioning File

Internal Users Connecting to StoreFront Server

If users enter the FQDN of StoreFront server as shown in the following screen shot, then the Receiver scans the back end StoreFront server for the following paths:

• GET /citrix/pnagent/config.xml

• GET /Citrix/store/discovery

• GET /vpn

• GET /CitrixLogonPoint

• GET /Citrix/XenApp/Auth/Login.aspx

• GET /Citrix/DesktopWeb/auth/login.aspx

  

Scenario 1 – Legacy (PNA) Site and No Store Available

If Receiver finds a Legacy (PNA) site on StoreFront that is enabled by default and no store on StoreFront is called Store (that is /Citrix/Store), then the Receiver connects to the Legacy (PNA) site and prompts for credentials as shown in the following screen shot:

Scenario 2 – No Legacy (PNA) site but Store is Available

If Legacy (PNA) site is not available on StoreFront server, then the Receiver searches for a store on StoreFront called Store (that is /Citrix/Store). If the Receiver finds the store, then the Receiver populates the description field with the name of the Store and prompts for credentials.

Scenario 3 – No Legacy (PNA) Site but Custom Store Name is Available

If Legacy (PNA) site is not available and no store on StoreFront server is called Store (that is /Citrix/Store), then the Receiver reports the following error message:
"Error – Citrix Receiver could not verify the server address: https://StoreFrontFQDN"

In this scenario, you must select Manual Setup to define the custom path for the store in Citrix Receiver. Ensure that you enter the following information:

1. Enter the complete store URL address such as https://storefront.example.com/Citrix/<CustomName>.

2. Select StoreFront as Type.

   

   After authentication, users should be able to access the store from StoreFront server.

   

Scenario 4 – Legacy (PNA) Site and Store is Available

If the StoreFront server has both Legacy (PNA) site and a store called Store (that is /Citrix/Store), then the Citrix Receiver uses the store instead of the Legacy (PNA) site.

Scenario 5 – Use Email-Based Account Discovery

With the latest version of Citrix Receiver, users can now add an account or store without the StoreFront server FQDN or IP address. This is called Account Services or email-based account discovery. This feature is available and supported on Citrix StoreFront 1.2 or later, App Controller 2.0 or later, and NetScaler Gateway 10 69.4nc or later. Email-based discovery uses SRV (Service Location) DNS records created either on the Local DNS server, Authoritative DNS server, or both. To learn more about SRV (Service Location) record, refer to Citrix Documentation - Provide users with account information. In this scenario, users must enter an email address, as shown in the following screen shot:

Note: Citrix Receiver does not verify the authenticity of the email address entered. However, it verifies the domain of the email address. This is the domain that you have to use to query for a SRV record.

Users are now prompted to enter domain credentials:

Scenario 6 – Run the StoreFront Provisioning File

If the IT administrator decides not to create the SRV DNS record, then users should be able to run the provisioning file provided by StoreFront server either from the Receiver for web site or export the provisioning file from the StoreFront server console.

The following screen shots shows an example of the provisioning file from Receiver for web site:

The following screen shots shows an example of provisioning file from Citrix StoreFront console:

Note: Some Android devices do not allow the execution of the .CR file (provisioning file) from StoreFront. As a workaround, export the file from the StoreFront server, change the extension to .xml and send it as an email.

External Users Connecting Through NetScaler Gateway

To allow remote mobile users to connect to App Controller using iPad, iPhone, or Android devices, you must configure the new Citrix Receivers for mobile devices by using either the Provisioning File or mail-based account discovery.

If you provide the NetScaler Gateway FQDN, then the Receiver connects to the NetScaler Gateway through the Legacy (PNA) site instead of the store in the StoreFront server. If users want native connectivity to a store, then users must run the Provisioning File or complete the email-based account discovery wizard.

If users enter the NetScaler Gateway FQDN, then the Receiver scans the NetScaler Gateway appliance to identify which NetScaler Gateway edition the customer has deployed and then it adjusts the settings automatically.

If users enter the FQDN of NetScaler Gateway as shown in the following screen shot, then the Receiver scans the NetScaler Gateway for the following paths:

• GET /vpn --- NetScaler Gateway Enterprise

• GET /CitrixLogonPoint --- NetScaler Gateway Advanced

  

Because the Receiver connects to a Legacy (PNA) site and not to a store from StoreFront server, it is recommended to complete the following steps:

1. Configure the SRV DNS record so users can use the Email-based Account Discovery.

2. Run the provisioning file generated by StoreFront server.

Note: You can only run provisioning file for mobile devices with Receiver for iOS 5.6.0 or later and Receiver for Android 3.1.170 or later. In earlier versions of Citrix Receiver for mobile devices, connections to the Legacy (PNA) site are allowed only from StoreFront through NetScaler Gateway. This behavior on Citrix Receiver for mobile devices is available for customers who still use the Web Interface with XenApp Services site for mobile users. If the users upgrade to the latest Citrix Receiver for mobile, you must have the auto-client configuration available for the users to configure their mobile device accordingly.

Scenario 1 – Use Email-Based Account Discovery

To use the email-based Account Discovery, IT administrators must create the SRV DNS record either on the Local DNS server or on Authoritative/public DNS server. For more information about how to create the SRV record appropriately, refer to Citrix Documentation - Provide users with account information.

In this scenario, users must enter an email address:

Note: Citrix Receiver does not verify the authenticity of the email address entered. However, it verifies the domain of the email address. This is the domain that you have to use to query for a SRV record.

Users are now prompted to enter the domain credentials:

Scenario 2 – Run the StoreFront Provisioning File

If the IT administrator does not want to create the SRV DNS record, then users can run the provisioning file provided by StoreFront server either from Receiver for web site or export the provisioning file from the StoreFront server console.

The following screen shots shows an example of provisioning file from Receiver for web site:

Note: Some Android devices do not allow the execution of the .CR file (provisioning file) from StoreFront. As a workaround, export the file from the StoreFront server, change the extension to .xml and send it as an email.