StoreFront

What’s new

What’s new in 1912 LTSR

Version 1912 LTSR of StoreFront includes the following new features and enhancements since 3.12 LTSR:

StoreFront Protocol Handler Support now includes Chrome devices with Workspace app for Android

When users on Chrome devices open a Citrix Receiver for Web site, with Citrix Workspace app for Android 1912 or higher, the browser automatically opens ICA files using Citrix Workspace app for Android at launch.

The client detection work flow for Android—which determines whether Citrix Workspace app for Android is installed—is now identical to Citrix Workspace app for Windows and Citrix Workspace app for Mac when the Chrome browser is used on Chrome devices. In previous releases, users on Chrome devices were required to manually open a downloaded ICA file first.

Note:

Citrix Workspace app for Android 23.12.0 and higher are not supported on on ChromeOS.

Support for App Protection policies

StoreFront 1912 supports App Protection policies to enhance security when other Citrix components, such as Citrix Workspace app and Citrix Virtual Apps and Desktops delivery controllers, also support the App Protection feature. App Protection policies are set at the Delivery Group level, and Citrix Virtual Apps and Desktops determines whether App Protection policies are used. You need to manually enable the App Protection feature within StoreFront. When StoreFront receives requests containing the HTTP header X-Citrix-AppProtection-Capable from a Citrix Workspace app that supports App Protection policies, StoreFront automatically sends a smart access tag to Citrix Virtual Apps and Desktops indicating that it supports App Protection policies. For details of configuring Delivery Groups with App Protection policies, see App Protection.

To enable App Protection on a StoreFront server, run the following PowerShell command on the StoreFront server: Add-STFFeatureState -Name "Citrix.StoreFront.AppProtectionPolicy.Control" -IsEnabled $True. (In a multiple-server StoreFront deployment, you must manually propagate these changes to all the other servers in the server group. See Propagate local changes to a server group.)

To verify that the feature is enabled on a StoreFront server, use the following PowerShell command: Get-STFFeatureState -Name "Citrix.StoreFront.AppProtectionPolicy.Control.

Desktop Appliance sites no longer supported

StoreFront support for users to access desktops on Desktop Appliance sites was announced as deprecated in Citrix Virtual Apps and Desktops 7 1811. At this release, Desktop Appliance sites are no longer supported, and we recommend using Citrix Workspace app Desktop Lock for all non-domain-joined use cases.

Warning:

When you upgrade to StoreFront 1912, any Desktop Appliance sites in your deployment are automatically removed. See Upgrade StoreFront.

StoreFront PowerShell SDK

The StoreFront PowerShell SDK has been updated including the following changes:

  • You can no longer create or manage Desktop Appliance sites using PowerShell.

  • New PowerShell cmdlets to support Certificate Revocation List (CRL) checking.

  • New PowerShell cmdlets to support the Citrix Analytics service

  • Updates to support improvements in collection of Federated Authentication Service (FAS) logon evidence. The object representing the Authentication service, returned by Get-STFAuthenticationService, has a property “AuthenticationOptions”. This has a new property “CollectFasEvidence” which is false by default. This must be enabled to use the new logon evidence feature.

Certificate revocation checking

From this release, StoreFront supports certificate revocation checking using CRL Distribution Point (CDP) extensions within certificates and locally installed certificate revocation lists (CRLs). When a revoked certificate is found in the CLR, StoreFront stops enumerating resources from Citrix Virtual Apps and Desktops delivery controllers which use that certificate. This capability allows your StoreFront to check for revoked certificates in your Citrix deployment if, for example, the private key or CA is compromised, or if certificate affiliation is changed, or if a certificate is superseded. You enable certificate revocation checking by setting a new -CertRevocationPolicy option using Citrix Storefront PowerShell cmdlets. For more information regarding the cmdlets and the settings available, see the article Certificate Revocation List (CRL) checking. For full details of the updated Citrix Storefront PowerShell cmdlets, see Citrix StoreFront SDK PowerShell Modules.

StoreFront Protocol Handler Support now includes Linux

When users on supported Linux platforms open a Citrix Receiver for Web site, and Citrix Workspace App for Linux 1903 or higher is installed, the browser automatically opens ICA files using Citrix Workspace App for Linux at launch. The client detection work flow for Linux, which determines whether Citrix Workspace App for Linux is installed, is now identical to Citrix Workspace App for Windows and Citrix Workspace App for MAC clients when Chrome and FireFox browsers are used. In previous releases, users on Linux were required to manually open a downloaded ICA file first.

Citrix Analytics service

You can now configure Citrix StoreFront so that Citrix Workspace App can send data to the Citrix Analytics service. Citrix Analytics aggregates metrics on users, applications, endpoints, networks, and data to provide comprehensive insights into user behavior. To enable this feature, import a configuration file from the Citrix Analytics service into a StoreFront server or server group using new PowerShell cmdlets. This enables all stores to communicate with the Citrix Analytics service. Configuration details are described in Citrix Analytics service. PowerShell details are provided in Citrix StoreFront SDK PowerShell Modules. This functionality is supported for the following scenarios:

  • Stores which are accessed by using Citrix Workspace app for HTML5 in a web browser. CAS data is supplied when launching resources using either the native Citrix Workspace app or within the browser.
  • Stores which are accessed from Citrix Workspace app for Windows 1903 or later.
  • Stores which are accessed from Citrix Workspace app for Linux 1901 or later.

Removal of classic user experience

The classic user experience (“green bubbles”) was announced as deprecated at StoreFront 3.12 LTSR, and it is no longer supported in StoreFront 1912. When you upgrade to StoreFront 1912, stores which were using the classic experience are changed to the unified experience. The unified experience delivers a centrally managed and consistent user experience to the web and to native Citrix Workspace apps, together with customization and featured app groups management.

Unified user experience

The unified experience has been updated to align it more closely with Citrix Workspace, and to extend its functionality.

Before:

previous user interface

After:

New user interface

To make an item a favorite, the user no longer needs to go into the application details, instead they can click the star in the top left corner of the card.

The user no longer has the ability to manually reorder apps on the homepage.

The Client UI Customization API is backwards compatible except for the following breaking changes:

  • The style myapps-view has been renamed to .myhome-view.

If you have made customizations that rely on styles or JavaScript outside of the published API then these may not be compatible with the new experience.

Citrix recommends that you test your customizations to ensure they are compatible with the new experience.

Support for FAS logon evidence and launch disposition data

StoreFront supports passing logon evidence and launch disposition data to Federated Authentication Service (FAS) for evaluation:

  • StoreFront can now capture logon evidence, and supply it to the FAS for validation when users attempt to launch VDAs. This allows customers to use FAS plug-ins to verify that authentication occurred at a trusted identity provider (IdP).

  • StoreFront can now supply launch ‘disposition’ data to FAS when VDAs are launched. This allows customers to provide access disposition data, which plug-ins on the FAS server can convert into role and security context for identity evaluation.

StoreFront Authentication SDK

The StoreFront Authentication SDK has been updated to support improvements in collection of Federated Authentication Service (FAS) logon evidence.

The StoreFront Authentication SDK documentation is now available.

Internet Explorer support

Versions of Internet Explorer earlier than 11 are no longer supported.

Pass-through from NetScaler Gateway - minor change to logoff behavior

If you are using pass-through from NetScaler Gateway authentication, when a user logs off Citrix Workspace app for HTML5, they are now redirected to the NetScaler logoff page. Previously, the user may have seen an authentication dialog. The behavior of the NetScaler logoff page depends on the NetScaler configuration. For example, the redirect may take the user to the identity provider’s logoff page, or to a page showing a simple “Logoff is successful” message.

Support for the control of local application launch on published desktops

For more information, see CTX232210.

Updated system requirements

See System requirements.

Fixed issues

The following issues have been fixed since version 3.12 CU5:

  • On-Prem StoreFront cannot add launch gateway for web links in MMC. [WSP-4368]

  • LCM-6351: Old registry keys of CitrixPrivilegedService_x64.msi were not removed after upgrade DDC. [WSP-4785]

  • If VMware VMTools v10.3.x is installed on your StoreFront server when you attempt to upgrade StoreFront to version 1906 using the Citrix Virtual Apps and Desktops 7 1906 meta-installer, the upgrade fails. StoreFront is upgraded successfully by the stand-alone StoreFront 1906 installer, but StoreFront 1906 is not added to the Windows Add/Remove Programs List. [WSP-4895]

  • Upgrades that include 2.6, 3.0.1, 3.5, 3.8 in their upgrade history may fail if the KCD service is in Stopped state. [WSP-5160]

  • Update http://downloadplugins.citrix.com to deliver Citrix Workspace app instead of end-of-life Citrix Receivers. [WSP-5303]

  • Attempts to log on to StoreFront might fail with the Cannot Complete your Request error. The issue occurs when there is a TCP dynamic port exhaustion. [LD0573, WSP-3567]

  • The message There are no apps or desktops available to you at this time remains visible even when the available apps or desktops are displayed. [LD0857, WSP-3799]

  • Disable the Desktop Viewer toolbar for a specified Delivery Group by adding the property ConnectionBar=0 under each application’s section of the default.ica file in the store. When you disconnect and then reconnect to the session, the Desktop Viewer toolbar is shown again. [LD1051, WSP-3704]

  • It is only possible to modify the order of Secure Ticket Authorities (STAs) in the StoreFront management console when the option Load balance multiple STA servers is selected. The logic should be reversed to allow STAs order to be modified only when Load balance multiple STA servers is not selected. [LD1118]

  • The default website setting might not appear correctly to the other nodes in an on-premises multiple-server group. As a result, the browser is forwarded to the HTTP URL for the node, rather than the correct URL. [LD1119]

  • Uninstalling StoreFront on Windows Server 2019 can result in the PowerShell console (Powershell.exe) no longer running on the server. The symptoms are that Powershell.exe opens briefly then vanishes immediately and cannot be used. Powershell_ISE.exe is unaffected and can still be used to run Powershell scripts. [STF-2585]

  • The StoreFront management console does not allow keywords ExcludeMe and IncludeMe to be set together. Either keyword can be set but as soon as you attempt to set the other, the first keyword is removed by the console. [STF-3388]

  • The StoreFront management console permits you to use the prohibited underscore character (_) in a Base URL. This makes stores inaccessible as DNS does not support the use of underscores. [STF-3509]

  • Receiver for Web becomes unusable if you use the StoreFront PowerShell SDK to set both Exclude and Include keywords for resource filtering. [STF-3208]

  • When a desktop contains an ampersand (&) character in its Display name, attempts to launch desktop sessions from Storefront fail with the warning “Cannot complete your request”. [STF-3369]

  • It is only possible to modify the order of Secure Ticket Authorities (STAs) in the StoreFront management console when the option “Load balance multiple STA servers” is selected. The logic should be reversed to allow STAs order to be modified only when “Load balance multiple STA servers” is not selected. [STF-3535]

  • When you upgrade StoreFront from 3.5 to a later version and Username and Password authentication is disabled on a store, unnecessary error messages containing “User name/password authentication is not enable in StoreFront” are written to the Event Viewer under “Delivery Services”.

  • These error messages have no negative impact and stores using authentication methods other than Username and Password still allow users to log on successfully. [STF-3566]

  • When you configure a StoreFront with a base URL that contains an underscore (_) and use it with the Citrix Gateway, an error might occur. [LC9678]

  • When using the Safari 12 and later browsers, client detection might fail on Citrix Workspace app for HTML5 because the Netscape Plugin Application Programming Interface (NPAPI) support was removed. For more information, see the Knowledge Center article CTX238286. [LD0863]

  • When you select a configured Site during the setup of XenDesktop, a default store might be created in StoreFront that uses the default Authentication Service. If you remove this store, users of Citrix Workspace app for Windows cannot add any other store and this error message appears:

    “A protocol error occurred while communicating with the Authentication Service.”

    [LC9404]

  • The session prelaunch might not work after you configure Resource Filtering by Keywords. [LC9642]

  • When you log on to StoreFront and refresh the Citrix Workspace app for HTML5 page, the timeout dialog box might be suppressed. [LD0214]

  • If StoreFront was originally installed using the executable from the installation media, StoreFront does not appear as eligible for upgrade if you use the full-product installer for a later version. As a workaround, upgrade StoreFront using the executable from the installation media. [DNA-47816, XAXDINST-43]

  • Attempts to log on to StoreFront might fail with the error Cannot Complete your Request. The issue occurs when the published applications have custom icons with minimum resolutions. [LC9521]

  • On the non-English version of the Microsoft Windows operating system, the DetectReceiver string might not appear on the button on the StoreFront webpage. [LC9713]

  • With the “Auto launch desktop” setting enabled, the “Multiple launch prevention” option might not work. As a result, subsequent requests to launch the same instance of the desktop fail. [LC7430]

  • With “TWIMode” set to “Off” for some applications, all applications are launched in windowed mode when using Citrix Receiver for Chrome. [LC7558]

  • After upgrading StoreFront 2.6 installed on a non-default drive, users’ application subscription data might not be retained. [LC8046]

  • When there are two or more stores in StoreFront, clicking “Configure Remote Access Settings” on the first or second store might duplicate that store name on the most recently added store. [LC8089]

  • When you configure stores with shared authentication in StoreFront, attempts to link a new NetScaler Gateway appliance to a store can cause the existing NetScaler Gateway appliances that are already linked to be removed. When you attempt to log on to the stores, the following error message appears:

    “Your logon has expired. Please log on again to continue.”

    Additionally, the StoreFront console shows duplicate store names. [LC8219]

  • When importing a store with HTML5 configuration using “Import-STFConfiguration” PowerShell command, import might complete successfully. However, attempts to launch an application using Citrix Receiver for HTML5 fail. [LC8290]
  • The StoreFront server might show null entries for Receiver for Web sites in the console. The issue occurs when the store name begins with the text “discovery” in the URL. [LC8320]
  • With the W3C logging service enabled, attempts to make changes to the StoreFront configuration might fail and the following error message appears:

    “An error occurred while saving your changes.” [LC8370]

  • This fix addresses a network socket issue in an underlying component. [LC8514]

  • After you restart the StoreFront MMC console, the value of the Show desktop viewer check box might be incorrectly displayed. [LC8520]

  • If you execute a Set-STFWebReceiverSiteStyle command with a PNG file (transparency is supported) to customize StoreFront, the PNG file is converted to a JPEG file. The JPEG file format might lose transparency support. [LC8677]

  • If you execute a Set-STFWebReceiverApplicationShortcuts command to set the trusted URLs for application shortcuts in Citrix Receiver for Web sites, a forward slash (“/”) might be added to the end of the URL. [LC8761]

  • When you use the Set-STFWebReceiverSiteStyle command to customize StoreFront, the style.css might be changed incorrectly in the Custom folder. As a result, the StoreFront console is not able to read the customization. [LC8776]

  • Authentication failure might occur on the StoreFront servers. The issue occurs because of TCP dynamic port exhaustion. [LC8795]

  • Attempts to change the StoreFront logo using the Set-STFWebReceiverSiteStyle command might fail. [LC8994]

  • With OverrideIcaClientname enabled, attempts to establish a remote session from the Remote Desktop client might fail. The issue occurs when the license is not renewed. One of these error messages might appear:

    “The remote session could not be established from remote desktop client WR_XxXXxXXX because its license could not be renewed.”

    OR

    “The remote session could not be established from remote desktop client WR_XxXXxXXX because its temporary license has expired.” [LC9246]

  • Attempts to upgrade StoreFront might fail when read only files are present within the custom file directory of any instance of Citrix Receiver for Web sites. [LC9252]

  • When you select a configured Site during the setup of XenDesktop, a default store might be created in StoreFront that uses the default Authentication Service. If you remove this store, users of Citrix Receiver for Windows cannot add any other store and this error message appears:

    “A protocol error occurred while communicating with the Authentication Service.” [LC9404]

  • Attempts to log on to StoreFront might fail with the error Cannot Complete your Request. [LC9521]

  • When you use the StoreFront SDK to customize certain features and configure aggregation of the store, the logon might fail with the error Cannot Complete your Request. The issue occurs when the published applications have custom icons with minimum resolutions. [LC9561]

  • Read-only files added to the custom, contrib, customweb or plugins folders of a Receiver for Web deployment, was preventing upgrades (error 643). [#DNA-53709]

  • After you restart the StoreFront MMC console, the value of the Show desktop viewer check box might be incorrectly displayed. [#LC8520]

  • If you execute a Set-STFWebReceiverSiteStyle command with a PNG file (transparency is supported) to customize StoreFront, the PNG file is converted to a JPEG file. The JPEG file format might lose transparency support. [#LC8677]

  • If you execute a Set-STFWebReceiverApplicationShortcuts command to set the trusted URLs for application shortcuts in Citrix Receiver for Web sites, a forward slash (“/”) might be added to the end of the URL. [#LC8761]

  • When you use the Set-STFWebReceiverSiteStyle command to customize StoreFront, the style.css might be changed incorrectly in the Custom folder. As a result, the StoreFront console is not able to read the customization. [#LC8776]

  • Authentication failure might occur on the StoreFront servers. The issue occurs because of TCP dynamic port exhaustion. [#LC8795]

  • Attempts to change the StoreFront logo using the Set-STFWebReceiverSiteStyle command might fail. [#LC8994]

  • With the “Auto launch desktop” setting enabled, the “Multiple launch prevention” option might not work. As a result, subsequent requests to launch the same instance of the desktop fail. [#LC7430]

  • With “TWIMode” set to “Off “ for some applications, all applications are launched in windowed mode when using Citrix Receiver for Chrome. [#LC7558]

  • After upgrading StoreFront 2.6 that is installed on a non-default drive, the application subscription data of users might not be retained. [#LC8046]

  • When you attempt to view the details of a desktop, details of an already viewed desktop might appear. [#LC8062]

  • When there are two or more stores in StoreFront, clicking “Configure Remote Access Settings” on the first or second store might duplicate that store name on the most recently added store. [#LC8089]

  • When you configure stores with shared authentication in StoreFront, attempts to link a new NetScaler Gateway appliance to a store can cause the existing NetScaler Gateway appliances that are already linked to be removed. When you attempt to log on to the stores, the following error message appears:

    “Your logon has expired. Please log on again to continue.”

    Additionally, the StoreFront console shows duplicate store names. [#LC8219]

  • When importing a store with HTML5 configuration using “Import-ST FConfiguration” PowerShell command, import might complete successfully. However, attempts to launch an application using Citrix Receiver for HTML5 fail. [#LC8290]

  • The StoreFront server might show null entries for Receiver for Web sites in the console. The issue occurs when the store name begins with the text “discovery” in the URL.[#LC8320]

  • With the W3C logging service enabled, attempts to make changes to the StoreFront configuration might fail and the following error message appears:

    “An error occurred while saving your changes.” [#LC8370]

  • With socket pooling enabled and the Site database connectivity inconsistent, the sockets in StoreFront might get exhausted when you continuously log on and log off. [#LC8514]
What’s new