Launching Process of Published Apps and Desktops for the Internal Network Through Citrix Storefront
Article ID: CTX236889
Updated On:
Description
- This is the internal Network Flow of a Published Apps/Desktop Session through Citrix Storefront (bypassing Citrix Netscaler Gateway) for troubleshooting purposes
Instructions
Steps happen when users access their desktops and apps:- Authentication
- Citrix Workspace App contact StoreFront using HTTP (TCP port 80) or HTTPs (TCP port 443)
- StoreFront presents an authentication page
- User submits credentials
- StoreFront contacts AD using Kerberos (UDP/TCP on port 88) to authenticate the user
- AD returns a response to StoreFront
- The user gets logged in to the store
- Resource Enumeration
The idea of enumeration is the retrieval of apps and desktops that are assigned to the user and presenting them to the user. The resources can be chosen and launched assuming that the user has already been authenticated to the Store.
- After successful authentication, StoreFront passes user credentials to the Delivery Controller using HTTP (TCP port 80) or HTTPs (TCP port 443) for the list of resources available for a specific user.
- Delivery Controller contacts AD for LDAP request (TCP port 389) to identify the user's identity and group memberships.
- Delivery Controller contacts Site Database (TCP port 1433) stored on the SQL Server to obtain apps and desktops metadata such as names and icons associated with the resource user group access to.
- Deliver Controller sends the information back to StoreFront using HTTP (TCP port 80) or HTTPs (TCP port 443)
- StoreFront presents all the resources directly to Citrix Receiver on the user's endpoint
- Resource Launch
- The user clicks the icon shown in the store (TCP port 80 or 443)
- StoreFront contacts Delivery Controller using HTTP (TCP port 80) or HTTPs (TCP port 443)
- Delivery Controller reaches out to SQL Server (TCP port 1433) to identify the most suitable VDA
- Delivery Controller contacts that VDA (TCP port 80)
- For Server OS VDAs, they are always listening for incoming connections
- For Desktop OS VDAs, they are now beginning to listen for incoming connections
- VDA returns a session key to the Delivery Controller
- Delivery Controller sends the session key containing all of the connection information to StoreFront (TCP port 80 or 443)
- StoreFront put all the connection information into the default .ICA file and sends it to the endpoint (TCP port 80 or 443)
- Session Initialization
- Citrix Receiver on user endpoint directly contacts VDA (TCP port 1494/2598 based on session reliability) using connection information stored in .ICA file
- VDA notifies the Delivery Controller of the connection setup (TCP port 80)
- Delivery Controller contacts the License Server (TCP port 7279) to check out the license on behalf of the device or user connected to the environment
- Delivery Controller commits session connection information to site database on SQL Server (TCP port 1433)
- The user interacts with app or desktop resources (TCP port 1494/2598 based on session reliability)
Issue/Introduction
These are the following steps, when users access their desktops and apps.
1. Authentication
2. Enumeration
3. Resource Launch
4. Session Initialization
Additional Information
Problems may occur during the process:
- Authentication
- User cannot logon - check for AD authentication
- Enumeration
"There are no apps or desktops available to you at this time" after login
- The user has not been assigned any resources or the user is assigned in the wrong user group.
- Storefront access to DDC (wrong DDC address\ wrong XML port\ Broker Service down \ wrong SSL certificate on DDC when using HTTPs)
- DDC has a problem communicating with DataBase, may transaction log full if using SQL mirror or AlwaysOn
- Resource Launch Process
- No .ICA file download - communication problem between DDC and VDA / no available VDAs
- Session Initialization
- VDA registration problem
- The endpoint cannot connect to VDA (port blocked/ DNS resolving problem)
Was this article helpful?
Yes
No
Powered by
