Citrix released CloudGateway v2 two days ago. My client’s team was anxious to download and install StoreFront Services 1.2 for an upcoming project demonstration scheduled later this week. Shortly after the announcement webinar was finished, we had the code downloaded and installed. Unfortunately, because we installed it without reading all the documentation, we spent the next day troubleshooting it, since we had no previous experience with StoreFront Services. Today’s blog is about two things you can do that will save you time should you choose to skip reading the online Citrix eDocs documentation for this product.
Certificates
It turns out that the first time you configure StoreFront Services, it binds to the IIS site as configured at that moment. What it does not do is reconfigure itself after you make changes to the IIS server, as Web Interface does. For instance, we installed StoreFront Services and had a server URL of http://server.domain.com/Citrix/MyAppStore. We then added an SSL certificate for server.domain.com and restarted IIS. StoreFront continued to report the HTTP URL, even after running IISReset and rebooting the server. The only solution we found to move it from HTTP to HTTPS was to uninstall StoreFront Services and then reinstall after updating the server certificate. This means the most efficient order of installation for StoreFront is to let the installer manage the IIS installation, add the certificate and then configure StoreFront as follows:
- Install the StoreFront services code using CitrixStoreFront-x64.exe. Let it automatically install and configure IIS and .NET Framework 3.5.1.
- After StoreFront is installed but before you click anything in the StoreFront configuration wizard, open IIS Manager and install the web server certificate (2048-bit, with the FQDN of the server name), then bind it to the default website.
- Complete the StoreFront configuration wizard.
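The certificate step can be verified before the wizard is completed. The PowerShell below is an added example, not Citrix's or the author's code: it checks that the IIS site has an HTTPS binding whose certificate has a private key, a key of at least 2048 bits, a current validity period and a name matching the server FQDN. It assumes the site is named Default Web Site and the certificate is RSA; Test-StoreFrontCertBinding is a hypothetical helper name.

```powershell
# Added example (not Citrix code). Run on the StoreFront server in an elevated
# Windows PowerShell session after binding the certificate, before the wizard.
Import-Module WebAdministration

function Test-StoreFrontCertBinding {   # hypothetical helper name
    param(
        [string]$SiteName = 'Default Web Site',   # assumption: default IIS site
        [string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )
    $binding = Get-WebBinding -Name $SiteName -Protocol https | Select-Object -First 1
    if (-not $binding) { return "No HTTPS binding on '$SiteName'" }

    # Locate the certificate the binding points at (store defaults to 'My').
    $store = $binding.certificateStoreName
    if (-not $store) { $store = 'My' }
    $cert = Get-Item "Cert:\LocalMachine\$store\$($binding.certificateHash)" -ErrorAction SilentlyContinue
    if (-not $cert) { return "Bound certificate not found in LocalMachine\$store" }

    # Names the certificate is valid for: subject DNS name plus SAN entries.
    $names = @($cert.GetNameInfo('DnsName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += $san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[-1] }
    }

    $problems = @()
    $now = Get-Date
    if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key' }
    # Assumes an RSA certificate, as implied by the 2048-bit requirement.
    if ($cert.PublicKey.Key.KeySize -lt 2048) { $problems += 'RSA key is smaller than 2048 bits' }
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += 'Certificate is outside its validity period'
    }
    # Exact match only; wildcard names are not evaluated here.
    if ($names -notcontains $Fqdn) { $problems += "No certificate name matches $Fqdn" }
    return $problems
}

$result = @(Test-StoreFrontCertBinding)
if ($result.Count -eq 0) { 'HTTPS binding looks correct; continue with the StoreFront wizard.' } else { $result | ForEach-Object { Write-Warning $_ } }
```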
The StoreFront console will show a warning indicator if the server site is using HTTP instead of HTTPS. If you see any warnings around SSL certificates, they should be corrected immediately. Unfortunately, as mentioned earlier, most SSL certificate changes are likely to require a reinstall of the StoreFront Services code.
Starting with Citrix Receiver 3.1, unsecure (HTTP) URLs are no longer accepted by default, and Receiver too will throw an error if you are pointing it to an HTTP StoreFront. If you wish to bypass this behavior, you can modify the client registry as discussed in the Citrix KB article CTX131857.
Database
StoreFront Services needs a SQL database to store the user preferences and icon selections. Apparently, though, neither the installer nor the server itself ever warns you that the database is not there. Instead, it acts like it works fine, the database connection passes, and you don’t know it is broken until you try to add an application from the Receiver and get a cryptic warning about not being able to store applications. Strangely enough, the Receiver Website works beautifully every time without the SQL database.
If you are seeking a single StoreFront Services server, you can manually install Microsoft SQL Server on the StoreFront server prior to starting the configuration wizard and then choose to Deploy a Single Server. If, however, you want to have multiple StoreFront servers for fault tolerance, you will need to Deploy a Multiple Server group, which uses a remote Microsoft SQL Server. If you are using a remote Microsoft SQL Server, you will need to not only create the database, but also populate it and grant permissions to the local computer accounts. The high-level steps that need to be completed include the following:
- Join the SQL Server to the domain because you have to grant the StoreFront machine accounts access to the database, similar to XenDesktop.
- Run a SQL script to create the database.
- Run a SQL script to populate the objects within the database.
- Create a local group on the SQL server and add the StoreFront computer accounts into that local group.
- Run a SQL script to create the login for the local computer group.
- Run another SQL script to map the login to user accounts in the computer group.
- Verify that TCP connections are enabled and the SQL Server Browser service is set to autostart.
The SQL scripts and the online documentation can be found here.
Incidentally, if you want to speed up the performance of the Receiver and the StoreFront services, the old recommendations in my earlier blog “Speeding Up Web Interface” work with StoreFront services as well.
If you liked this blog and want to be notified of future blogs, please feel free to follow me on Twitter @pwilson98. The author would like to provide special thanks to Jonathan Rullan and Brian King for their contributions to this blog!
Posted on 2012/08/02