XenDesktop 7 Pt 5: Configuring Citrix StoreFront

One of the last steps to configure XenDesktop is to setup Citrix StoreFront. What is StoreFront? StoreFront is basically the web tier in a three tiered architecture (StoreFront, Desktop Controller, SQL database). It’s more than just a pretty face. Citrix Receiver directly talks to StoreFront, even if you never use your browser.

StoreFront 2.0, included in XenDesktop 7, no longer requires a separate database. There is a built-in replication engine that syncs the config between multiple StoreFront servers. That’s great for a DMZ configuration, and just one less database to worry about.

StoreFront is also now a complete replacement for the legacy Web Interface (WI), which is no longer installed and is deprecated in XD7. StoreFront is the only way to interface to your XenDesktop farm. There are various optional StoreFront settings you can tweak, but I’ll skip those here since the goal is just a quick PoC.

XenDesktop 7 Series

Part 1: Role Installation
Part 2: Configure Desktop Studio Site
Part 3: Install VDA
Part 4: Create Machine Catalog
Part 5: Configure StoreFront
Part 6: Create Delivery Group
Part 7: Receiver Configuration
Part 8: Install Server VDA
Part 9: Create Server Machine Catalog
Part 10: Create Application Delivery Group

Citrix StoreFront Configuration

1. First we need to configure IIS to use an SSL certificate. StoreFront is built on IIS, and pre-configuring the SSL certificate saves a step when we create the StoreFront. No special certificate properties are required for StoreFront. You can use any valid server authentication SSL certificate, be it from a Microsoft CA or trusted CA. Add a HTTPS binding to the IIS Default Web Site.

If you are using a load balancer then you should use a certificate with the StoreFront VIP FQDN (e.g. StoreFront.contoso.com).  I suggest rebooting the server after the certificate is assigned so that all of the Citrix services recognize and bind to the certificate (or should).

7-1-2013 8-08-21 PM

2. Now that IIS is secure, go back into Desktop Studio and open the Citrix StoreFront node. For me a store got automatically created, so I deleted it and will show you the manual steps. Click on the Stores node and in the right pane click on Create Store.

7-1-2013 8-14-45 PM

3. When the wizard starts enter a store name. I’m not feeling creative tonight, so I called mine Store.

7-1-2013 8-29-46 PM

4.  Now we need to add the delivery controllers that StoreFront will interface with. Here you can add multiple farms, and a mixture of XenDesktop, XenApp, and other Citrix products. I’ve successful used StoreFront with both XenDesktop 5.6 and 7.0 farms at the same time. If you are load balancing your desktop controllers you can enter the VIP FQDN here. It would be nice if Citrix added a “Test” button here to validate the controllers were valid. That could help with troubleshooting if the store was empty when you tested it.

7-1-2013 8-17-14 PM

5. StoreFront also interfaces very nicely with the NetScaler AccessGateway. So here you can configure how users will be accessing the XenDesktop infrastructure. AccessGateway is out of scope for this series, so I’ll skip that step and finish the wizard.

7-1-2013 8-20-56 PM

6. Once the store is created it will give you the web browser URL that you can use to access it. Now during my PoC install StoreFront didn’t recognize my SSL certificate, even though IIS was using it. Plus, you may need to customize the URL for a loadbalanced FQDN. This is easily accomplished via a powershell command. Citrix: Please put this in the GUI, and warn about SSL issues during the StoreFront creation.

Also take note that to access StoreFront from a web browser you must append “Web” to the store URL, as the URL shows below. Don’t try going to /Citrix/Store as that won’t work.

7-1-2013 8-22-11 PM

7. To change the StoreFront base URL you can go to the Server Group node and in the right pane select Change Base URL. Here I changed the URL to use HTTPS. If you are using a load balancer for StoreFront you could change the FQDN to the VIP.

7-2-2013 6-17-30 AM

8. Back in the StoreFront console, after refreshing, you can see that the service is using HTTPS.

7-1-2013 8-46-17 PM

9. One quick tweak to make authentication easier is to set a default domain. This way the user doesn’t have to enter a domain when authenticating to the StoreFront web site. Locate the Authentication node, then in the right pane click on Configure Trusted Domains.

7-1-2013 9-24-12 PM

And that’s pretty much it to get an operational StoreFront. If you open your browser and go to the full web store URL you should get a green bubbly Citrix receiver page.

7-1-2013 9-26-56 PM

In Part 6 we configure a delivery group, which defines what users can access our VDI resources.

Print Friendly, PDF & Email

Related Posts

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
July 23, 2013 10:13 pm

Hey Derek Seaman

I am not using load balancing so I don't required 1 option i can go with the 2nd option.

G Sandeep Reddy
August 22, 2013 4:46 am

Hi Derek Seaman,

After i change the base URL from http to https, in stores it says THE CERTIFICATE ASSOCIATED WITH THE WEBSITE DOESN'T MATCH THE THE SERVICE URL. I am also setting up POC for xend7, Kindly suggest any resolution for this.


August 25, 2013 6:13 am

YES, I got the same error message “THE CERTIFICATE ASSOCIATED WITH THE WEBSITE DOESN’T MATCH THE THE SERVICE URL.” Anybody has an idea? Proceeded with the whole description above. Thanks

August 29, 2013 6:31 am

Any issue of StoreFront 2.0 with XD5.6FP1 and XA6.5.
This guy has issue with those combination http://forums.citrix.com/thread.jspa?threadID=334

November 24, 2013 8:49 am

As an fyi, if you install the Storefront and the Desktop Controller to different servers, and you want that connection to use HTTPS instead of HTTP (in step 4 above), then there's often an extra step. On the Desktop Controller, you have to bind the certificate to the port. There is no error if you don't do this; the symptom is that when you connect the Receiver to the Storefront, you won't have any apps even if everything else is configured properly. You can test the issue quickly by opening the Storefront mmc and changing the connection to use HTTP… Read more »

Citrix Web Interface products | Outlook Web App | RD Web Access
December 31, 2013 12:22 am

Any issue of StoreFront 2.0 with XD5.6FP1 and XA6.5.
I have the same question as like this person. Anyone help me? http://discussions.citrix.com/topic/334782-missin

February 25, 2014 10:52 pm

The Certificate related to the web site does not match the service url." Anybody has associate degree idea?

Adam Smith
March 27, 2014 11:53 pm

Hello Derek ,
I have an issue that when i change the base URL from HTTP to HTTPS, it says "The certificate associate with the website doesn't match the service URL.. Kindly suggest me .

Duc Nguyen
April 24, 2014 9:29 am

Hi Derek,

We are using Hyper-V for backend. I followed the instruction above. When I enter https://xd-sf01.ourdomain/Cictirx/StoreWeb I got a green bubbly page with an error message " Can't complete your request with a logon button". Have you seen this error before.


May 18, 2014 12:17 am

Hi Derek,

i changed base url from hhtp to https , after that i am not able to login by it saying " Could not connect " error

please help me .


November 20, 2014 6:01 am

so till now i have followed your tutorial. but when I try to log in, mijn vm starts on my xenserver but the client get the massage (cannot start desktop).