Configure Citrix Receiver Email-Based Discovery

Setting up the initial connection from Citrix Receiver has become much easier with the introduction of Email-Based Discovery in StoreFront 1.2. Users no longer need to know the name of the StoreFront server, Access Gateway FQDN or the name of the Store when setting up the connection. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.

This setup requires following components:

  • Citrix StoreFront 1.2
  • Citrix Netscaler Access Gateway 10.0 (only required for remote connections)
  • One of the following Citrix Receivers:
  • Citrix Receiver for Windows 3.3
  • Citrix Receiver for iOS 5.6.1
  • Citrix Receiver for Android 3.1.170
  • A DNS Service Location resource record (aka. DNS SRV record)

I used the new Netscaler 10 Access Gateway Configuration Wizard to set up the Access Gateway vServer. This wizard configures Session Policies and Session Profiles based on direct StoreFront access for the new Citrix Receivers. The wizard creates a Netscaler Access Gateway vServer in SmartAccess Mode. This means that every concurrent connection to the vServer need a Citrix Access Gateway Universal license on the Netscaler. I’m going to look into this and hopefully I will be back with updated info on how to use the vServer in Basic Mode soon.

In my lab I point the SRV records in both the internal and external DNS zones to the FQDN of my Netscaler Access Gateway VIP.
In this case Citrix Receiver retrieves its configuration through the Access Gateway regardless of the user’s location. Note that this does not mean that the XenApp/XenDesktop traffic goes through the Access Gateway when you establish a connection from Citrix Receiver. That is handled by your Beacon configuration in StoreFront.

Add DNS Service Location (SRV) record

To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone to support Email-Based Discovery.

  • Log in to your DNS server
  • In DNS -> Right-click your Forward Lookup Zone (in this case mycompany.com)
  • Click on Other New Records…

  • Scroll down to Service Location (SRV)
  • Choose Create Record…

  • Click in the Service box and enter the host value _citrixreceiver
  • Click in the Protocol box and enter the value _tcp
  • In the Host offering this service box, specify the FQDN of your StoreFront server, in my case access.mycompany.com
  • In the Port number box, specify the port number to your StoreFront server (usually port 443)

Checking SRV record using nslookup

You can use nslookup to check if the SRV record is configured correctly in DNS:

  • Open command prompt
  • Type nslookup
  • Type “set type=srv
  • Type “_citrixreceiver._tcp.mycompany.com

The response from your external DNS should be something like this:

_citrixreceiver._tcp.mycompany.com SRV service location:

priority = 0

weight = 100

port     = 443

svr hostname = apps.mycompany.com

Configuration of Netscaler Access Gateway

To allow users to configure Citrix Receiver from a remote location you need to add the StoreFront URL in the Global settings or in a particular Session Profile of your Netscaler Access Gateway.

  • Log in to the Netscaler management console
  • In the Access Gateway node, create a new Session Profile or open an existing Session Profile for access to StoreFront services
  • Click the Published Applications tab
  • Next to Account Services Address, click Override Global and then enter the StoreFront URL. In my example the Storefront URL is https://access.mycompany.com

  • To make this work you have to allow Clientless Access to your StoreFront SessionProfile

  • Configure a StoreFront Session Policy to request the configured StoreFront Session Profile

  • Bind the Session Policy to your Netscaler Access Gateway Virtual Server (or Group for more granular control)

Configure Citrix Receiver

When the users start Citrix Receiver for the first time they get a wizard for setting up the connection to the StoreFront Store. If a previous version of Citrix Receiver is installed and configured, this configuration wizard is skipped when you upgrade to the latest Citrix Receiver.

Configure Citrix Receiver 3.3 for Windows – Email-Based Discovery

  • Enter your email address

  • Enter your domain credentials

The Citrix Receiver is now set up and ready to go.

Configure Citrix Receiver for iOS 5.6.1 – Email-Based Discovery

Note! When setting up Citrix Receiver for iOS with Email-Based Discovery you probably have to remove any previous configured connection first.

  • Choose “Add Account

  • Enter your company email address

  • Enter your domain credentials

  • Hit the “+” tab to add your favorite apps

You should now be up and running with Citrix Receiver for iOS

Configure Citrix Receiver for Android 3.1.170 – Email-Based Discovery

  • Enter your company email address

  • Enter your domain credentials

  • Check the “I trust this application” box

  • The Citrix Receiver uses a Micro VPN connection to StoreFront server through Netscaler Access Gateway

9 thoughts on “Configure Citrix Receiver Email-Based Discovery

  1. Great article.

    I just setup the email based discovery, but I must have something wrong with my certificates, because i’m getting a message “Certificate provided by the server is not trusted. Account information cannot be added”

    I’m using wildcard certs for my internal and external DNS, and the default IIS site is bound to the internal wildcard (digicert) and works fine for the receiver website.

    Any ideas?

    • If you are using internal cerificates, make sure you trust the root certificate first. I’ve also seen this on windows receiver, you need to access the url of the GW once in a browser, then the certificate will be added to your local store, and this error will disappear. This is a weakness in the windows receiver.

  2. Hi Frode, I think your instructions are slightly confusing because your Receiver Session Profile has ‘access.mycompany.com’ but the store in your example is actually ‘apps.mycompany.com’.

    As I understand it, the Session Profile for Receiver does not actually need a value in the Web Interface field, however for email discovery the Account Services Address needs to be the *internal* store URL.

    • The email base discovery SRV record will look for the Store Front URL
      If you are internal Your point the SRV record internal DNS to storefront URL
      If you are accessing from AGEE your external DNS SRV record will point to the AGEE VIP that will use the accounts services URL what needs to point to SF URL.

      The WI value is use for the Header Citrix-Gateway

      Hope this helps

    • We published this article 6 months before citrix did, but the procedure is the same. I don’t think Citrix needs to read blogs to know how to do this.

Leave a Reply

Your email address will not be published. Required fields are marked *

*