What’s new in 2402 (initial release)

StoreFront 2402 LTSR includes the following new features and enhancements since StoreFront 2203 LTSR:

Prevent .ica file downloads during Hybrid launch

To minimize security risks that might arise with the download of .ica files on local systems, the following settings have been introduced. Admins can configure these settings from the StoreFront admin console as a preventive measure against the misuse of downloaded .ica files. These settings include:

Prevent ica download settings

For more information, see Prevent ICA file download.

Enable advanced health check for all stores

Advanced health check is enabled for all existing stores on upgrade to 2402 to improve resiliency. With advanced health checks, StoreFront can more reliably check for any issues in the delivery controller. When used with Citrix Desktops as a Service, the advanced health checks provide additional information about the connectors present at the resource locations. This is useful in the event of an outage. When a user launches a resource, an appropriate connector to launch the resource is selected automatically using Local Host Cache.

If you want to disable advanced health check for all stores, you can use the following PowerShell script:

foreach ($store in Get-STFStoreService)
    Set-STFStoreFarmConfiguration -StoreService $store -AdvancedHealthCheck $False

Deprecation announcement for Windows server 2016

Support for installing StoreFront on Windows server 2016 will be removed in a future release. It is recommended that you upgrade to a newer version of Windows server for continued support. For more information on deprecated items, see Deprecation notices.

Citrix Secure Private Access on StoreFront

You can now connect to the Citrix Secure Private Access on-premises server using new PowerShell commands or StoreFront admin UI controls. It allows users to securely access web and SaaS apps through StoreFront. For more information, see Manage the resources made available in stores.

Uninterrupted VDA launch in case of FAS server unavailability

You can now configure StoreFront so that a VDA launch is successful even if the FAS server is unavailable. In such cases, the end users can sign in using their username and password. Previously, the VDA launch would fail if the FAS servers were unreachable. This feature is disabled by default and can be enabled using the following Powershell command.

Set-STFStoreLaunchOptions with parameter FederatedAuthenticationServiceFailover

You can use the same command to disable this feature, if required. For more information, see FAS.

Improved user-journey logs

Previously by default only errors were logged. The default logging level has now been changed to include warnings and tracing information. In addition the log messages have been improved. This ensures that by default, all the events that are part of the main user journeys are now logged. The default log file size is increased to 1GB (5*200MB) for each service. Typically this will require 1GB (for the roaming service) + 3GB per store (as each store service typically has a corresponding authentication service and receiver for web service). Ensure you have sufficient disk space available. For more information, see Diagnostics logging.

Citrix Workspace web extensions - General Availability

Citrix Workspace web extensions are now generally available for use with StoreFront. These web extensions help you launch resources in your locally installed Citrix Workspace app without prompts to open Workspace launcher or downloading an .ica file, making your experience safer and more reliable. For more information, see Citrix Web Extensions.

The use of Citrix Workspace web extensions is enabled by default for every new installation of StoreFront. However, end users still need to download the extensions to use this feature.


Citrix Workspace web extension is not enabled automatically during a StoreFront version upgrade. If this feature was turned-off before the upgrade, it remains in the same state after the version update. It will be enabled for all deployments in a future release.

When upgrading an existing deployment you can enable this feature using the following command:

Add-STFFeatureState -Name "Citrix.StoreFront.EnableBrowserExtension " -IsEnabled $True

New UI for on-premises stores (Technical Preview)

The new UI, is now available for on-premises stores. This UI, previously available only for cloud stores, ensures a consistent look and feel across cloud and on-prem stores.

The new UI brings the following key improvements:

  • User friendly UI: Reduces visual complexity and provides easy access to essential features. For more information, see Workspace visual and layout improvements.
  • Activity Manager: Facilitates quick actions on active virtual apps and desktops, saving resources and optimizing performance. For more information, see Activity Manager.
  • Enhanced categorization of apps: Multi-level folder structure that is responsive to your end user’s screen size. For more information, see categorization of apps.
  • Improved Search capabilities: New search capabilities provide for better and faster results. For more information, see Search options.

For detailed information on this preview, see New UI (Tech Preview).


You can provide feedback for this feature using this Podio form.

Citrix Workspace app for HTML5

This release includes Citrix Workspace app for HTML5 2402.

App Protection for hybrid launches

App Protection provides an additional level of security by blocking keyloggers and screen capture. Previously, this functionality was only available when accessing a store through Citrix Workspace apps for Windows, Mac and Linux. When viewing a store through a web browser, protected apps were not displayed. With this release it is now possible to configure a store website to display apps requiring App Protection when viewed through a browser, as long as StoreFront has detected that the user has a sufficiently new version of Citrix Workspace app for Windows, Mac or Linux installed that will be used to launch the app.

For more information see App Protection.

Advanced Health Check enabled by default

From this release onward, the advance health check feature is enabled by default for new stores. Previously it had to be enabled manually.

When used with Citrix DaaS, Advance health check makes StoreFront aware of the connectors present at the resource locations. In the event of an outage, when a user launches a resource, StoreFront chooses an appropriate connector to launch the resource using Local Host Cache.

Deprecation of XenApp Services

From this release onward, support for XenApp Services URLs (also known as PNAgent) for connecting to stores is deprecated. It will be removed in a future release. Use Citrix Workspace app to connect to stores using the store URL.

Removal of ability to add XenApp 6.5 delivery controllers

It is no longer possible to add new XenApp 6.5 resource feeds using the StoreFront management console. It is still possible to add them using PowerShell Add-STFStoreFarm specifying the FarmType as XenApp. For Example:

$store = Get-STFStoreService
Add-STFStoreFarm -StoreService $store -FarmName "XenApp" -FarmType XenApp -Port 80 -TransportType HTTP -Servers Xen1

Existing XenApp 6.5 resource feeds can be modified using the management console.


XenApp 6.5 is not supported by Citrix. The ability to use XenApp 6.5 delivery controllers will be removed in a future release.

Removal of ability to open resources within Internet Explorer 11

It is no longer possible to open resources within the Internet Explorer 11 web browser. It is still possible to access your store from Internet Explorer 11 but you must install Citrix Workspace app for Windows to be able to launch resources.

Fixed Issues

Following is a list of issues that are fixed since version 2203 CU4:

  • App enumeration on StoreFront servers might fail intermittently. [CVADHELP-23196]

  • Names containing special characters might appear corrupted in the Home tab and Settings dropdown menu. [CVADHELP-24499]

  • The first time a user opens a store website in their browser on ChromeOS, it prompts the user to perform client detection but Citrix Workspace app for ChromeOS does not support client detection. As a result, the client detection fails and the users would need to click “already installed” to continue. With this fix, the website skips client detection on ChromeOS. [WSP-22390]

  • Citrix Workspace app for Mac might freeze after waking up from Sleep mode when connected to a StoreFront Store. [CVADHELP-23217]

  • A race condition can cause the Citrix Subscriptions Store service to exit unexpectedly on the StoreFront server with warning messages. [CVADHELP-23326]

  • [CVADHELP-22435] A year after detecting that the user has Citrix Workspace app installed, apps are launched in a browser rather than Citrix Workspace app.

  • [CVADHELP-21886] When using the StoreFront Store Service API to launch an app, overriding settings such as audio quality and disabling printers, the settings may affect all subsequent requests rather than just the current request.