Citrix Analytics for Security

Unable to connect StoreFront server with Citrix Analytics

After importing the configuration settings from Citrix Analytics to your StoreFront server, the StoreFront server fails to connect to Citrix Analytics.

For information on how to import configuration settings to a StoreFront server, see Onboard Virtual Apps and Desktops sites using StoreFront.

The CAS Onboarding Assistant helps check and troubleshoot the issues described in this article. For more information, see Citrix Analytics Service (CAS) Onboarding Assistant.

To troubleshoot the issue, do the following:

  1. On the StoreFront server, ping the region-specific endpoints of Citrix Analytics to test connectivity between the StoreFront server and the Citrix Analytics server. Also, ensure that the prerequisites are met.

    Note

    On your StoreFront server, you can test the connectivity by directly pinging the region-specific endpoints or by opening a web browser and accessing the region-specific endpoints.

  2. Enable verbose logging in the StoreFront server to trace the logs. For more information on verbose logging, see the article- CTX139592.

  3. Open the Internet Information Services (IIS) Manager and check the following:

    • If the StoreFront site is under IIS default site, then IIS restarts the StoreFront site.

    • If the StoreFront site is in other drivers or not under default site, then open the command window and type iisreset.

  4. Run the following command to import the Citrix Analytics settings:

    Import-STFCasConfiguration -Path "configuration file path"
    
  5. Run the following command to verify the imported settings:

    Get-STFCasConfiguration
    
  6. If the StoreFront site is in other drivers or not under the default site, open the command window. Type iisreset to let StoreFront site read Citrix Analytics settings.

  7. Get the StoreFront verbose log files from the following location:

    C:\Program Files\Citrix\Receiver StoreFront\Admin\trace
    
  8. Use the Microsoft Service Trace Viewer to open the following logs:

    • StoreFront logs

    • Roaming site verbose logs

  9. In the logs, ensure that the CasConfigurationManager sections and Citrix Analytics server information are available.

    CAS section

  10. If the CasConfigurationManager sections are unavailable, open the web.config file for the roaming site found in the roaming site\folder.

  11. In the web.config file, locate the casConfiguration section and ensure that the Citrix Analytics server information is available.

    Web config

  12. On the Windows Server machines where the StoreFront server is installed, ensure the following:

    • TLS 1.2 Client is enabled.

    • At least one of the following cipher suites is enabled:

      • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

      • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

      • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

    For information on how to configure the TLS cipher suite order, see the Microsoft documentation.

  13. If you are using Windows Server 2012 machines, ensure that the Diffie-Hellman Exchange (ECDHE/DHE) is enabled.

  14. Ensure that the Windows Server machines where the StoreFront server is installed must contain the registry settings mentioned in the Microsoft documentation.

    IMPORTANT

    Update the TLS/SSL cipher suites by using group policy. Do not manually modify the TLS/SSL cipher suites. For more information on how to use group policy, see the Microsoft documentation.

    For example, the following registry settings must be available in your Windows Server machine:

    TLS 1.2 Client:

    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "DisabledByDefault"=dword:00000000
    
    <!--NeedCopy-->
    

    Diffie-Hellman KEAs:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
    "Enabled"=dword:ffffffff
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH]
    "Enabled"=dword:ffffffff
    
    <!--NeedCopy-->
    

    AES-128/AES-256 ciphers:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
    "Enabled"=dword:ffffffff
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
    "Enabled"=dword:ffffffff
    
    <!--NeedCopy-->
    

    SHA256/SHA384 hashes:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA256]
    "Enabled"=dword:ffffffff
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA384]
    "Enabled"=dword:ffffffff
    
    <!--NeedCopy-->
    
Unable to connect StoreFront server with Citrix Analytics

In this article