Native Receiver Access to Internal and External Store with Always-on NetScaler Gateway VPN Fails

Article ID: CTX233632

Description

The user is connected to the LAN and Receiver is accessing StoreFront directly (or via a load balancer). When the user moves from the LAN to the Internet, the Always-on VPN connects automatically. Trying to launch an app then results in the error "There was a problem connecting: Store name". Trying to refresh Receiver results in the error "Your apps are not available at this time". After exiting Receiver from the taskbar and relaunching it, the user is able to log on and launch apps successfully.

Resolution

Native Receiver access to an (internal / external) store via Always-On VPN is not an officially supported deployment. 

Workaround: 

The only way for this to work seamlessly is to have an internal-only store, i.e., the internal beacon should always be reachable regardless of whether the client is on the LAN or the Internet.


Problem Cause

An existing internal / external store integrated with an ICA proxy NetScaler Gateway vServer has beacons configured to detect whether the client is in an internal or external location. Depending on the result of the beacon check, Receiver decides whether to contact StoreFront directly or via NetScaler Gateway (if external).

1. When the user moves from the LAN to the Internet, this triggers a beacon check (because of the change in the physical adapter), and in this scenario the external beacon check will be successful.

2. This beacon check happens before the full VPN can be established, so when the VPN is eventually established Receiver has already detected its location to be external.

3. Now, when Receiver resolves the StoreFront FQDN (after the VPN is connected), it resolves to the internal StoreFront, and StoreFront also becomes reachable directly.

Due to #3, Receiver connections land on the internal StoreFront, but due to #2, since Receiver "thinks" it is external, the connection method it uses (request URL etc.) is that of NetScaler Gateway, e.g. /cgi/login, which does not exist on StoreFront, and Receiver is never able to authenticate.

If Receiver is exited and restarted (while the VPN is already connected), the beacon check now returns internal and StoreFront is also resolved directly, so the apps become accessible.
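
The sequence in steps 1 to 3 can be reproduced with a small model. This is an added example, not Citrix code: the class and function names are hypothetical, STOREFRONT_DIRECT is a placeholder rather than a real StoreFront path, external beacons are not modelled, and the DNS behaviour off-LAN without VPN is an assumption.

```python
from dataclasses import dataclass

GATEWAY_LOGIN = "/cgi/login"               # Gateway URL named in the article
STOREFRONT_DIRECT = "<storefront-direct>"  # placeholder, not a real StoreFront path

@dataclass
class Network:
    on_lan: bool = True
    vpn_up: bool = False
    beacon_always_reachable: bool = False  # the article's workaround

    def internal_beacon_reachable(self) -> bool:
        return self.on_lan or self.vpn_up or self.beacon_always_reachable

    def store_fqdn_target(self) -> str:
        # Assumption: the store FQDN reaches StoreFront on LAN or over VPN,
        # and the Gateway otherwise.
        return "storefront" if (self.on_lan or self.vpn_up) else "gateway"

class Receiver:
    def __init__(self, net: Network):
        self.net = net
        self.check_beacons()               # beacon check at start-up

    def check_beacons(self) -> None:
        # The result is cached until the next check.
        reachable = self.net.internal_beacon_reachable()
        self.location = "internal" if reachable else "external"

    def launch(self) -> dict:
        path = STOREFRONT_DIRECT if self.location == "internal" else GATEWAY_LOGIN
        target = self.net.store_fqdn_target()
        served = STOREFRONT_DIRECT if target == "storefront" else GATEWAY_LOGIN
        return {"location": self.location, "target": target,
                "path": path, "ok": path == served}

def roam_to_internet(always_reachable=False, restart_after_vpn=False) -> dict:
    net = Network(beacon_always_reachable=always_reachable)
    rx = Receiver(net)                     # started on the LAN: internal
    net.on_lan = False
    rx.check_beacons()                     # steps 1-2: adapter change, VPN not up yet
    net.vpn_up = True                      # step 3: VPN up, no new beacon check
    if restart_after_vpn:
        rx = Receiver(net)                 # exit and relaunch Receiver
    return rx.launch()

if __name__ == "__main__":
    for kwargs in ({}, {"restart_after_vpn": True}, {"always_reachable": True}):
        print(kwargs, roam_to_internet(**kwargs))
```

The default run ends with a cached "external" location sending /cgi/login to StoreFront (ok is False); the restart and the always-reachable internal beacon both end with ok True.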
