StoreFront 2.0 load Balanced

Posted on 2013-09-17
Medium Priority
Last Modified: 2016-10-25
i am stuck at configuring StoreFront 2.0 , load balanced and provide access through Netscaler  , here is my situation.

I have been asked to build 2 Storefront servers , which should be part of the same group.

So as i understand  , i will setup the first server configure it and join the 2nd server to it.


Since i have been asked  to implement SSL certficate for storefront servers as well , we have a Internal root CA

How many certificates do i have to request.

Do i request 1 for each server ?

I want my internal users to go to https://Vdi.domain.com and be able to acces sthe published resources /desktops

What should be the Common Name of the certificate  ?

Will the common name for both certificates for both storefront servers be same ?

once i get it working internally , i will tehn have to setup Netsacler access

I followed http://support.citrix.com/article/CTX133185


However neither of them tells us about what has to be done with respect to certificates on the 2nd Storefront server.
Question by:MOQINFRA
  • 3
  • 3
LVL 25

Accepted Solution

Coralon earned 2000 total points
ID: 39501913
You will create the certificate on the first StoreFront server.  
The common name will be the load balanced name - vdi.domain.com.
After you have created the cert, you will export it, along with the private key into a PFX file.
You will import that PFX file into the 2nd StoreFront server.
You will then import that same PFX file into your netscaler.  

To test this, you will first configure a DNS alias for your common name internally, and just point it at the 1st netscaler.  
Get it working, then join your 2nd SF server to the group/farm.  (You don't actually configure your 2nd SF server - when you join it and provide the code, it automatically imports the configuration from the first one).
Then change your DNS alias to point to the 2nd SF server and test.
*Then* you change your DNS alias to point to the VIP on your Netscaler.

That's the basics of it :-)


Author Comment

ID: 39501942
quick question  (Many to come though)

When i export it from server01 (in IIS or mmc for certificates),

do i import it on server 02 through IIS or in the Certificates console > Personal >Certificates
LVL 25

Expert Comment

ID: 39502053
Yes.  You will export it with the certificates MMC and import it the same way.  Be sure you get your chaining & root certs also.  (There is a checkbox when you export to include all the certs in the chain).


Author Comment

ID: 39502514
After struggling for long -- I have made the 1st test and 2nd test work .

Now internally i am able to browse https://ourvdi.domain.com 

I have tested using the DNS Alias for both Servers and they work.

Will test the Netscaler stuff


P.S I Still have lot of StoreFront issues though related to - replication and Join

Author Comment

ID: 39512919
Getting stuck conceptualy on setting up netscaler:

Now that i have tested internally by creating CNAMES for both server and they work.

The certificate we issues internally using Intrnal CA has the Comman Name


However the certificate that we purchased from Symantec is


Was i supposed to use vdi.domain,com internally on the Storefront servers as well , or just on the netscaler.

How will the vdi.domain.com relate to our internal vditest.domain.com
LVL 25

Expert Comment

ID: 39520060
You'll use your vdi.domain.com on the Netscaler, and on the cert.  You'll point vdi.domain.com to the VIP on the netscaler.   You'll also load the vditest.domain.com certs on your Netscaler.

You'll attach the vdi.domain.com cert to the externally facing VIP, and vditest.domain.com cert on your internal facing VIP.  

The Netscaler will handle the SSL offloading the vdi.domain.com and passing through the vditest.domain.com SSL traffic.  

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question