Citrix Analytics for Security

Unable to connect StoreFront server with Citrix Analytics

December 20, 2022

Contributed by:

After importing the configuration settings from Citrix Analytics to your StoreFront server, the StoreFront server fails to connect to Citrix Analytics.

For information on how to import configuration settings to a StoreFront server, see Onboard Virtual Apps and Desktops sites using StoreFront.

The CAS Onboarding Assistant helps check and troubleshoot the issues described in this article. For more information, see Citrix Analytics Service (CAS) Onboarding Assistant.

To troubleshoot the issue, do the following:

On the StoreFront server, ping the region-specific endpoints of Citrix Analytics to test connectivity between the StoreFront server and the Citrix Analytics server. Also, ensure that the prerequisites are met.

Note

On your StoreFront server, you can test the connectivity by directly pinging the region-specific endpoints or by opening a web browser and accessing the region-specific endpoints.
Enable verbose logging in the StoreFront server to trace the logs. For more information on verbose logging, see the article- CTX139592.
Open the Internet Information Services (IIS) Manager and check the following:
- If the StoreFront site is under IIS default site, then IIS restarts the StoreFront site.
- If the StoreFront site is in other drivers or not under default site, then open the command window and type iisreset.
Run the following command to import the Citrix Analytics settings:
```
Import-STFCasConfiguration -Path "configuration file path"
```
Run the following command to verify the imported settings:
```
Get-STFCasConfiguration
```
If the StoreFront site is in other drivers or not under the default site, open the command window. Type iisreset to let StoreFront site read Citrix Analytics settings.
Get the StoreFront verbose log files from the following location:
```
C:\Program Files\Citrix\Receiver StoreFront\Admin\trace
```
Under the above mentioned location, you can find multiple svclog files which can be opened in Event Viewer.
Use the Microsoft Service Trace Viewer to open the following logs:
- StoreFront logs
- Roaming site verbose logs
In the logs, ensure that the CasConfigurationManager sections and Citrix Analytics server information are available.
If the CasConfigurationManager sections are unavailable, open the web.config file for the roaming site found in the roaming site\folder.
In the web.config file, locate the casConfiguration section and ensure that the Citrix Analytics server information is available.
On the Windows Server machines where the StoreFront server is installed, ensure the following:
- TLS 1.2 Client is enabled.
- At least one of the following cipher suites is enabled:
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
For information on how to configure the TLS cipher suite order, see the Microsoft documentation.
If you are using Windows Server 2012 machines, ensure that the Diffie-Hellman Exchange (ECDHE/DHE) is enabled.

Ensure that the Windows Server machines where the StoreFront server is installed must contain the registry settings mentioned in the Microsoft documentation.

IMPORTANT

Update the TLS/SSL cipher suites by using group policy. Do not manually modify the TLS/SSL cipher suites. For more information on how to use group policy, see the Microsoft documentation.

For example, the following registry settings must be available in your Windows Server machine:

TLS 1.2 Client:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

<!--NeedCopy-->

Diffie-Hellman KEAs:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH]
"Enabled"=dword:ffffffff

<!--NeedCopy-->

AES-128/AES-256 ciphers:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
"Enabled"=dword:ffffffff

<!--NeedCopy-->

SHA256/SHA384 hashes:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA256]
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA384]
"Enabled"=dword:ffffffff

<!--NeedCopy-->

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Unable to connect StoreFront server with Citrix Analytics

December 20, 2022

Contributed by:

December 20, 2022

Contributed by:

Unable to connect StoreFront server with Citrix Analytics

In this article