Configure Desktop Appliance sites
The tasks below describe how to create, remove, and modify Desktop Appliance sites. To create or remove sites, you execute Windows PowerShell commands. Changes to Desktop Appliance site settings are made by editing the site configuration files.
Important: In multiple server deployments, use only one server at a time to make changes to the configuration of the server group. Ensure that the Citrix StoreFront management console is not running on any of the other servers in the deployment. Once complete, propagate your configuration changes to the server group so that the other servers in the deployment are updated.
Note: The StoreFront and PowerShell consoles cannot be open at the same time. Always close the StoreFront admin console before using the PowerShell console to administer your StoreFront configuration. Likewise, close all instances of PowerShell before opening the StoreFront console.
To create or remove Desktop Appliance sites
Only a single store can be accessed through each Desktop Appliance site. You can create a store containing all the resources you want to make available to users with non-domain-joined desktop appliances. Alternatively, create separate stores, each with a Desktop Appliance site, and configure your users’ desktop appliances to connect to the appropriate site.
-
Use an account with local administrator permissions to start Windows PowerShell and, at a command prompt, type the following command to import the StoreFront modules.
& "installationlocation\Scripts\ImportModules.ps1" <!--NeedCopy-->Where installationlocation is the directory in which StoreFront is installed, typically C:\Program Files\Citrix\Receiver StoreFront\.
-
To create a new Desktop Appliance site, type the following command.
Install-DSDesktopAppliance -FriendlyName sitename -SiteId iisid -VirtualPath sitepath -UseHttps {$False | $True} -StoreUrl storeaddress [-EnableMultiDesktop {$False | $True}] [-EnableExplicit {$True | $False}] [-EnableSmartCard {$False | $True}] [-EnableEmbeddedSmartCardSSO {$False | $True}] <!--NeedCopy-->Where sitename is a name that helps you to identify your Desktop Appliance site. For iisid, specify the numerical ID of the Microsoft Internet Information Services (IIS) site hosting StoreFront, which can be obtained from the Internet Information Services (IIS) Manager console. Replace sitepath with the relative path at which the site should be created in IIS, for example, /Citrix/DesktopAppliance. Note that Desktop Appliance site URLs are case sensitive.
Indicate whether StoreFront is configured for HTTPS by setting -UseHttps to the appropriate value.
To specify the absolute URL of the store service used by the Desktop Appliance Connector site, use StoreUrl storeaddress. This value is displayed for the Store summary in the administration console.
By default, when a user logs on to a Desktop Appliance site, the first desktop available to the user starts automatically. To configure your new Desktop Appliance site to enable users to choose between multiple desktops, if available, set -EnableMultiDesktop to $True.
Explicit authentication is enabled by default for new sites. You can disable explicit authentication by setting the -EnableExplicit argument to $False. Enable smart card authentication by setting -EnableSmartCard to $True. To enable pass-through with smart card authentication, you must set both -EnableSmartCard and -EnableEmbeddedSmartCardSSO to $True. If you enable explicit and either smart card or pass-through with smart card authentication, users are initially prompted to log on with a smart card, but can fall back to explicit authentication if they experience any issues with their smart cards.
The optional arguments configure settings that can also be modified after the Desktop Appliance site has been created by editing the site configuration file.
Example:
Create a Desktop Appliance Connector site at virtual path /Citrix/DesktopAppliance1 in the default IIS web site.
Install-DSDesktopAppliance \` \-FriendlyName DesktopAppliance1 \` \-SiteId 1 \` \-VirtualPath /Citrix/DesktopAppliance1 \` \-UseHttps $false \` \-StoreUrl https://serverName/Citrix/Store \` \-EnableMultiDesktop $true \` \-EnableExplicit $true \` \-EnableSmartCard $true \` \-EnableEmbeddedSmartCardSSO $false -
To remove an existing Desktop Appliance site, type the following command.
Remove-DSDesktopAppliance -SiteId iisid -VirtualPath sitepath <!--NeedCopy-->Where iisid is the numerical ID of the IIS site hosting StoreFront and sitepath is the relative path of the Desktop Appliance site in IIS, for example, /Citrix/DesktopAppliance.
-
To list the Desktop Appliance sites currently available from your StoreFront deployment, type the following command.
Get-DSDesktopAppliancesSummary <!--NeedCopy-->
To configure user authentication
Desktop Appliance sites support explicit, smart card, and pass-through with smart card authentication. Explicit authentication is enabled by default. If you enable explicit and either smart card or pass-through with smart card authentication, the default behavior initially prompts users to log on with a smart card. Users who experience issues with their smart cards are given the option of entering explicit credentials. If you configure IIS to require client certificates for HTTPS connections to all StoreFront URLs, users cannot fall back to explicit authentication if they cannot use their smart cards. To configure the authentication methods for a Desktop Appliance site, you edit the site configuration file.
-
Use a text editor to open the web.config file for the Desktop Appliance site, which is typically located in the C:\inetpub\wwwroot\Citrix\storenameDesktopAppliance directory, where storename is the name specified for the store when it was created.
-
Locate the following element in the file.
<explicitForms enabled="true" /> <!--NeedCopy--> -
Change the value of the enabled attribute to false to disable explicit authentication for the site.
-
Locate the following element in the file.
<certificate enabled="false" useEmbeddedSmartcardSso="false" embeddedSmartcardSsoPinTimeout="00:00:20" /> <!--NeedCopy--> -
Set the value of the enabled attribute to true to enable smart card authentication. To enable pass-through with smart card authentication, you must also set the value of the useEmbeddedSmartcardSso attribute to true. Use the embeddedSmartcardSsoPinTimeout attribute to set the time in hours, minutes, and seconds for which the PIN entry screen is displayed before it times out. When the PIN entry screen times out, users are returned to the logon screen and must remove and reinsert their smart cards to access the PIN entry screen again. The time-out period is set to 20 seconds by default.
To enable users to choose between multiple desktops
By default, when a user logs on to a Desktop Appliance site, the first desktop (in alphabetical order) available to the user in the store for which the site is configured starts automatically. If you provide users with access to multiple desktops in a store, you can configure the Desktop Appliance site to display the available desktops so users can choose which one to access. To change these settings, you edit the site configuration file.
-
Use a text editor to open the web.config file for the Desktop Appliance site, which is typically located in the C:\inetpub\wwwroot\Citrix\storenameDesktopAppliance directory, where storename is the name specified for the store when it was created.
-
Locate the following element in the file.
<resources showMultiDesktop="false" /> <!--NeedCopy--> -
Change the value of the showMultiDesktop attribute to true to enable users to see and select from all the desktops available to them in the store when they log on to the Desktop Appliance site.