Citrix Storefront login issue...

Hi guys. I have a little problem with XenApp and logging in to the Storefront website.

I am trying to setup a demo version of XenApp 7.5 on WinSrv2008R2 Standard. I want to deliver only apps for this demo and i have gone through a couple of tutorials like this :

First one is about installing and configuring everything from scratch and the second one is about creating a certificate and binding it so it works with HTTPS.

So, after all the configurations went through i tried to login to my storefront which is located on https://appsrv.demo.local/Citrix/StoreWeb and get an error "Cannot complete your request"

If I enter this url "https://appsrv.demo.local" in my citrix receiver I get prompted for a username and a password and after I enter them the receiver greys out the URL field and does nothing else. If I press Next again while "frozen" it tells me to choose an account and if I press cancel it just exits the Receiver program.

I am trying everything localy from the server that has the software installed so its probably not a firewall thing since I can access the webpage but cant login.

Also this is from my event viewer every time I get the error on the webpage:

An error occurred during authentication.
System.NullReferenceException, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089
Object reference not set to an instance of an object.
AuthenticationControllerRequestUrl: https://appsrv.demo.local/Citrix/StoreWeb/ExplicitAuth/LoginAttempt
ActionType: LoginAttempt
   at Citrix.Web.AuthControllers.Controllers.ExplicitAuthController.CreateExplicitFormResponse(LoginRet loginRet)
   at Citrix.Web.AuthControllers.Controllers.ExplicitAuthController.GetExplicitAuthResult(ActionType type, Dictionary`2 postParams)

Any help would be greatly appreciated.

Bear in mind that I just want an App deployment and that everything is on one server ( that shouldnt be a problem as far as I have read about it ) Also, I dont have netscaler or anything like that so its not a problem related to netscaler ;)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Were you able to actually publish an application using the first link? And if so, after publishing the application, did you give yourself rights to use the application? Also, is this server member of a domain? And did you add your domain account to the app?
gicagoAuthor Commented:
I have made a delivery group in the Citrix Studio if that is what you mean by giving myself rights to use it. Do I need to assign it to a storefront server and if i do how do I do it?

When I go in "Studio -> Configuration -> Storefront" I get my server that has this url setup https://appsrv.demo.local/ but under the Delivery groups tab there is nothing.

Does that mean something didn`t connect properly or I did not assign a delivery group for the server?

The server is a domain controller and I made 2 additional users that I added to that delivery group in Studio + I added the domain admin to the group.

little edit:
I just checked and everything should be ok in that department.... I have a machine catalog that is assigned to a delivery group and when i click test delivery group 178 test complete successfully.
It is quite hard to see what happens when not seeing the environment but we will try (should get this working),.

What you need to do is create a delivery controller and add it to the StoreFront Store. Open the StoreFront console, go to Stores, select your store and click manage delivery controllers. Add the local server there, because this is the server that StoreFront connects to to see what app is being published.

You are able to access the website, right??
Also try and check at the Authentication part to see which ones are enabled. If you have a domain make sure to enable the domain pass-through security.
gicagoAuthor Commented:
I have a store on https://appsrv.demo.local/Citrix/Store and of course when i go to that url it says forbidden. But when I go to https://appsrv.demo.local/Citrix/StoreWeb i get the website that asks for username and password.

In the storefront console i also have a delivery controller in there
 (name: Appsite, type: XenApp, servers: appsrv.demo.local, use HTTPS)

I have set the authenitcation to domain pass-through, username and password and http basic (just in case)

Also, I have entered a trusted domain (demo) so i dont have to write the domain everytime and i can see that part works cause i can just enter username and password, before it would say that domain is needed.

Also, noticed that I have a Citrix Wallet event that is occuring randomly ( not when trying to login like the error in the original post )

The Replication Node has faulted. Attempting to restart...

And one event from Citrix Subscriptions Store Service

Subscriptions Synchronizer Replication Node has faulted. Attempting to restart...

What are those nodes and is this the source of the problems? :/ Im investigating further, will let you know if anything new comes up...
https://appsrv.demo.local/Citrix/StoreWeb  is the website you should be using. Are you able to log on there or get the message almost instantly then??

Subscriptions Synchronizer  is used to pick up information from the XenApp farm to the StoreFront server. What XML port are you using and did you install?? XMl port configuration for StoreFront can be found while managing the delivery controller. There should be a server in the Edit Delivery Controller list (the local server) and a port to use. This port should be opened up on the firewall for communciations between StoreFront and your Citrix farm.

I believe i might just have an idea what is happening. Citrix needs an XML port to communicate between StoreFront and Citrix farm. Default this port is 80. Also, the default port for the StoreFront is 80. I might just be that these 2 are in conflict with eachother.. Try to see which PID is using port 80 on the server with netstat.
gicagoAuthor Commented:
I can open the page but as soon as I enter my credentials i get the "Cannot complete your request"

While I installed the software I didn`t change any ports so everything is default. Also, i have set the port to HTTPS 443 in the Edit delivery controller section of Storefront.

Since its all on the same machine it could be a port conflict but it says in the Citrix studio that everything is using https... How can I change the XML port or is it ok to leave it at 443?

While running the netstat -bo command i got a lot of http listeners, Storefront being one of them. Is it possible that my cert is wrong or something in IIS ? How do I change the ports or I already did that in the delivery controller section?

again a little edit:

I noticed that the page from the event viewer that has the error is https://appsrv.demo.local/Citrix/StoreWeb/ExplicitAuth/LoginAttempt but that page doesnt exist in the C:\inetpub\wwwroot\Citrix\StoreWeb folder ... maybe its trying to authenticate but there is no auth file?
There is nothing wrong with your certificate. Even if it was wrong you would still be able to login. You wouldn't be able to setup a session but you cant even login. Also, you would receive a certificate error when connecting to the website, is this the case?

Your XML port normally isn't  HTTPS when configured out of the box, it is HTTP. Normally you set it up with port 8080 (but it could also be 80).

Check this link to configure your XML port. Do make sure to change the XML port in your StoreFront configuration after you changed the XML port for the Citrix server, they need to match. What the StoreFront server does is query a Citrix server in the farm that you added to the storefront on the XML port to check and see if the user actually is permitted to log in and has applications assigned to him.
gicagoAuthor Commented:
Ok, so here is the deal. It seems that its not supported or its not recommended to install Delivery Controller on a DC (domain controller) also, when I tried reinstalling Storefront it said Storefront is only supported on Win server 2012 and newer but I installed everything on Server 2008R2 without an error :/

Also, Domain Certificate role should not be installed on a DC ( I dont know how I even managed to install it on a DC without giving me some kind of warning or error )

After a while of reading I decided to scrap the Server 2008R2 install and make a clean Win server 2012 R2 installation in an environment with a DC and a separate Certificate authority server.

After all the configurations the only thing I needed to edit is an SSL setting in Group policy editor because of some WinSrv2012R2 patch KB2919355 that messes up the communication between Citrix Store and Delivery Controller.

"Use gpedit.msc on the DDC to enable the SSL Cipher Suite Order policy in Computer Configuration  → Administrative Templates → Network → SSL Configuration Settings. Reboot DDC."

Thanks for the help. I gave you an assisted solution because your explanation about ports and the roles that gave me errors led me in the right direction about revisiting the whole deployment :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Oke, i thought that, even though not adviced, it would be possible to install it on a DC server. Because it was just a test it should be possible.
Good to hear you got it fixed though..
gicagoAuthor Commented:
I managed to get it working on a different OS after reading the expert answers and rethinking the deployment.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.