{"id":1561,"date":"2016-11-07T05:16:00","date_gmt":"2016-11-07T05:16:00","guid":{"rendered":"http:\/\/neu.koetzingit.de\/typische-citrix-fallen-die-sie-kennen-sollten\/"},"modified":"2026-06-02T13:33:15","modified_gmt":"2026-06-02T13:33:15","slug":"typische-citrix-fallen-die-sie-kennen-sollten","status":"publish","type":"post","link":"https:\/\/www.koetzingit.de\/en\/typische-citrix-fallen-die-sie-kennen-sollten\/","title":{"rendered":"Common Citrix Pitfalls You Should Be Aware Of"},"content":{"rendered":"

A<\/span>As a freelancer, I often come across Citrix \u201epitfalls\u201c that clients tend to fall into. Since I've seen them so often, I can resolve them quickly\u2014much to the surprise of the administrator in charge. For example, the client wasted nearly two days on issue #7, but I fixed it in just a few minutes.<\/p>\n

Here is a list of common Citrix pitfalls:<\/span><\/h3>\n

<\/p>\n

    \n
  1. After setting up StoreFront, no one can log in. The StoreFront Delivery Controllers are configured and everything looks fine.
    Common mistake<\/b>: By default, StoreFront Delivery Controllers are set to\u00a0HTTPS and TCP Port<\/strong> 443<\/strong> and HTTP and port 80 aren't set! But XenDesktop Delivery Controller or XenApp use HTTPS\/443 is not the default<\/strong> and therefore do not respond to any inquiries.
    Quickly resolved<\/b>: In the Delivery Controller settings, set the type to HTTP and the port to TCP 80.
    Best option<\/strong>: Especially if StoreFront is also running on the Delivery Controller, enable SSL\/443 using a private or public certificate.\n

    \"Blogs<\/p>\n<\/li>\n

  2. Occasional issues launching applications via Netscaler Gateway using StoreFront or the web interface.\u00a0
    Common mistake<\/b>: The Secure Ticket Authority (STA) servers are not the same in NetScaler Gateway and StoreFront\/Web Interface
    Quickly resolved<\/b>: Using the EXACTLY the same STA server<\/strong> in Gateway and San Francisco\/Wisconsin
    Note<\/b>: I recommend using the FQDN for STA servers and not changing the default port 80 for the XML service.\n<\/li>\n
  3. After authenticating at the Netscaler Gateway, the familiar StoreFront error message appears: \u201eThe request cannot be completed<\/strong>\u201eI went through the excellent Citrix article CTX207162, but nothing changed.\u201d.
    Common mistake<\/b>: In StoreFront, the\u00a0Trusted Domains<\/strong>\u00a0e.g., with\u00a0MyDomain.com<\/strong> set so that users only need to enter their login name. However, in the Netscaler Gateway session profile, the Single Sign-On (SSO) domain was set to MyDomain<\/strong> has been set, and therefore the SSO request cannot be completed because it is being rejected.
    Quickly resolved<\/b>: Adding MyDomain or changing the trusted domains in StoreFront to MyDomain.com
    Note<\/b>: Check the Citrix Delivery Services event log under Application and Service Logs\n

    \"Blogs\u00a0\"Blogs<\/p>\n<\/li>\n

  4. Using the NetScaler VPX to load balance backend SSL systems such as Outlook Web Access without SSL offload. The load balancer is shown as offline.
    Common mistake<\/b>: Virtual Netscaler Appliances (VPX) only support up to\u00a02048-bit key size<\/strong> on backend systems, and if the value is higher, an error occurs!
    Quickly resolved<\/b>: Switching to SSL offload can be quite easy with some backend systems.
    Best option<\/strong>: Change the backend certificate to use a key size of only 2048 bits to maintain encryption security.
    Note<\/b>: Check the Netscaler Monitor; it should display a message indicating a synchronization issue.\n<\/li>\n
  5. You notice that the Netscaler (gateway) time is no longer synchronized, which is causing some issues. The NTP server has been configured.
    Common mistake<\/b>: NTP synchronization is not enabled. After the NTP server has been configured MUST<\/strong> synchronization can still be enabled
    Quickly resolved<\/b>: Under \"NTP Service Actions,\" enable synchronization
    Note<\/b>: If the time is still not synchronized, use the Netscaler CLI to verify that the NTP daemon has actually started.
    Link:<\/strong> Read more about this topic The Importance of Time in a Netscaler HA Setup<\/a>\n<\/li>\n
  6. When using the XenMobile Wizard in Citrix NetScaler, select\u00a0SSL offloading<\/strong>\u00a0to the XenMobile Server. Once it's finished, nothing works.
    Common mistake<\/b>: SSL offload is enabled by default\u00a0NOT active<\/strong>\u00a0on the XenMobile Server and the wizard does not indicate<\/strong>
    Quickly resolved<\/b>: Enable SSL offload in the XenMobile Server CLI
    Best option<\/strong>: Use SSL for XenMobile
    Note<\/b>: For greater security, you should use SSL; this is why Citrix has disabled SSL offload by default.\n<\/li>\n
  7. Are you having trouble finding the correct VMware vCenter root certificate to get XenDesktop hosting to work?
    Common mistake<\/b>: Didn't look closely enough \ud83d\ude09
    Quickly resolved<\/b>: On the vCenter login page, you will find the root certificate on the right-hand side. After downloading it, rename it to ZIP<\/strong>. Unzip the file and rename the \"01\" file to \"cer.\" This is the required root certificate.
    Note<\/b>: Check the certificate for the FQDN; newer versions usually also include the server FQDN.\n<\/li>\n
  8. You are using SecureHub to start HDX sessions, but you can't find the HDX settings for display, etc.
    Common mistake<\/b>: Even if you don't configure the receiver (required for HDX) using SecureHub, you still need to create an account in the receiver to access the HDX settings!\u00a0
    Quickly resolved<\/b>: As far as I know, there's no other option here besides creating an account.
    Note<\/b>: Not really a pitfall, but rather something Citrix has overlooked for years now.\u00a0\n<\/li>\n
  9. Single Sign-On isn't working
    Common mistake<\/b>: XML Trust has not been enabled
    Quickly resolved<\/b>: With XenDesktop 7.x, the trust must be enabled via PowerShell
    Note<\/b>: Up until XenApp 6.5, the trust could be easily enabled in the console.
    PoSh:<\/strong> Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true\u00a0<\/code>\n<\/li>\n
  10. Launching multiple sessions using the same Active Directory user account
    Common mistake<\/b>: Multi-session mode must first be enabled
    Quickly resolved<\/b>: With XenDesktop 7.x, this must be enabled via PowerShell, just as with Trust
    Note<\/b>: Up until XenApp 6.5, this could be done easily in the console.
    PoSh:<\/strong> Set-BrokerEntitlementPolicyRule -SessionReconnection DisconnectedOnly<\/code>\n<\/li>\n
  11. Launching Citrix sessions via Web Interface or StoreFront takes a long time or doesn't work at all.
    Common mistake<\/strong>: A proxy server is being used, and the Citrix client uses the browser settings
    Quickly resolved<\/strong>: In the default.ica file for strictly internal<\/strong> Set the proxy entry to NONE for connections.
    Note<\/strong>: Anyone using internal proxy servers should pay special attention to Citrix.
    CTXKB:<\/strong> StoreFront Client Proxy Configuration \u2013     https:\/\/support.citrix.com\/article\/CTX136516<\/a>\u00a0<\/li>\n<\/ol>\n

    \u00a0<\/p>\n

    Would you like to add anything? Please leave your comments below!<\/strong><\/p>","protected":false},"excerpt":{"rendered":"

    Als Freiberufler treffe ich h\u00e4ufig auf Citrix „Fallen“ in die Kunden gerne tappen. Da ich sie oft gesehen habe kann […]<\/p>\n","protected":false},"author":1755,"featured_media":1557,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[12],"tags":[27,136,37,135,28],"class_list":["post-1561","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles-de","tag-citrix","tag-common","tag-netscaler","tag-pitfall","tag-storefront"],"uagb_featured_image_src":{"full":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall.png",360,360,false],"thumbnail":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall-150x150.png",150,150,true],"medium":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall-300x300.png",300,300,true],"medium_large":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall.png",360,360,false],"large":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall.png",360,360,false],"1536x1536":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall.png",360,360,false],"2048x2048":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall.png",360,360,false],"trp-custom-language-flag":["https:\/\/www.koetzingit.de\/wp-content\/uploads\/2016\/11\/pitfall.png",12,12,false]},"uagb_author_info":{"display_name":"Thomas K\u00f6tzing","author_link":"https:\/\/www.koetzingit.de\/en\/author\/thomas-koetzing\/"},"uagb_comment_info":4,"uagb_excerpt":"Als Freiberufler treffe ich h\u00e4ufig auf Citrix „Fallen“ in die Kunden gerne tappen. Da ich sie oft gesehen habe kann […]","_links":{"self":[{"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/posts\/1561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/users\/1755"}],"replies":[{"embeddable":true,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/comments?post=1561"}],"version-history":[{"count":1,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/posts\/1561\/revisions"}],"predecessor-version":[{"id":1889,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/posts\/1561\/revisions\/1889"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/media\/1557"}],"wp:attachment":[{"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/media?parent=1561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/categories?post=1561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.koetzingit.de\/en\/wp-json\/wp\/v2\/tags?post=1561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}