What’s new

2411

Modern user experience

The modern experience is now generally available for on-premises stores. This UI, which was previously available only for cloud stores, ensures a consistent look and feel across cloud and on-prem stores.

The new user interface is designed to enhance and simplify the end-user experience to access Citrix apps and desktops. It reduces visual complexity, provides easy access to essential features, and refines the StoreFront app experience. It supports new features, such as Activity Manager that facilitate effective management of your virtual apps and desktop resources. Note: In this article, the current UI experience has been referred to as the classic experience.

To enable the modern experience, see User Experience.

The modern experience brings the following key improvements:

• Activity Manager: Enables quick actions on active virtual apps and desktops, saving resources and optimizing performance. For more information, see Activity Manager.
• Enhanced categorization of apps: Multi-level folder structures that are responsive to the user’s screen size. For more information, see categorization of apps.
• Improved Search capabilities: New search capabilities provide for better and faster results. For more information, see Search feature.

For more information, see Modern experience.

Fixed issues since the technical preview

• Activity Manager operations such as Logout, Disconnect, and more aren’t supported for applications that have App Protection policies enabled. [WSP-21324]
• On Citrix Workspace app for Windows, Mac and Linux when connecting through a gateway, previously after logging off, the user was taken to a logout screen but the Back to sign in option did not work. The modern experience behavior now matches the classic experience behavior; after logout the user remains on the screen listing their apps and/or desktops.
• Citrix workspace web extensions are now supported. [WSUI-8503]
• Direct SAML authentication using a web browser is now supported. [WSUI-9415]
• App protection for hybrid launches are now supported. Apps requiring App Protection are never displayed. [WSUI-9593]
• In the Edit Receiver for Web Site screen, when Next generation experience is selected, settings are displayed that are not relevant to the experience. [WSP-20560]
• Settings to hide the Already Installed option and prevent ICA downloads are ignored.

Pinned links

Custom URLs on StoreFront UI refer to customer-defined hyperlinks that provide quick access to specific websites. This feature functions as a shortcut that helps users to efficiently navigate to websites directly from the StoreFront UI. Important links, such as support websites or company portals, can be made available to the users without needing them to search for these links. It makes the navigation effortless and faster. This feature is only available on the modern experience.

For more information, see Pinned links

Require end users to use the locally installed Citrix app only

Administrators can enforce the use of the native Citrix Workspace app, eliminating the option for users to access the Citrix Workspace web client on browsers. This feature is designed for customers who want to leverage the full benefits of the native app. The native app offers advantages such as built-in App Protection service, no browser version compatibility issues, enhanced security and telemetry for monitoring and troubleshooting.

For more information, see Require end users to use the locally installed Citrix app only

XenApp Services off by default for new stores

When you create a new store, XenApp Services is disabled by default. You can enable it manually in the GUI or using PowerShell. Note that XenApp Services is deprecated and will be removed in a future release.

Progressive Web App [Technical Preview]

The Progressive Web App (PWA) feature allows you to install the store website so that it can be launched from your start menu or desktop, similar to a native app. This is available only in the old UI.

Prerequisites

To use PWA, ensure that you have the following:

• The minimum required version of StoreFront is 2411.
• Configure StoreFront for SSL.
• Use Google Chrome or Microsoft Edge browser on Windows, Mac, or Linux.
• You must set the deployment option to Always use Receiver for HTML5.

For more information, see Progressive Web App

Fixed issues

• An upgrade to a newer version of StoreFront fails and the logs contain text “VersionData:Load Failed due to exception: System.IndexOutOfRangeException”. The issue occurs when a user group created by StoreFront has an empty description. [CVADHELP-25433] [WSP-22426]

• Intermittently, StoreFront upgrade fails. The installer either fails silently before the wizard appears, or the wizard becomes unresponsive, or after clicking through the wizard the upgrade fails.

  The issue occurs because the installation files are deleted before they are needed. [CVADHELP-25435] [WSP-23961]

• During an outage, when the connectors go into Local Host Cache mode, StoreFront needs to send launch requests to the connector in the same zone as the resource. When a resource is available in multiple zones, previously, StoreFront would only try to launch the resource in one zone.

  With this enhancement, if the attempt to start a resource in one zone fails, in some cases StoreFront server tries to make another attempt to start the resource using connectors in other available zones to improve resilience. [WSP-23898]

• When you edit a gateway whose Usage or role is Authentication only, it displays a tab Secure Ticket Authority but if values are entered then they aren’t saved. [WSP-24682]

Known issues

• When using the modern experience, if there are multiple authentication methods then when the user logs out they are not given the option whether or not to remember the authentication method. [WSUI-10131]

• When multi-site aggregation is enabled, it is not possible to reconnect to sessions using Activity Manager. Instead, click the app or desktop’s tile to reconnect. [WSP-26299]

• When a user is notified that their password will expire soon, if they select Change Now the Change Password screen is displayed without any text input or buttons. [WSUI-10327]

2407

Citrix Gateway Service for StoreFront

Citrix Gateway Service for StoreFront provides HDX routing to your resources without needing to host your own gateway. For more information, see Gateway Service for StoreFront and Add Citrix Gateway Service.

If you’ve opted the Citrix Gateway Service for StoreFront (Technical Preview) with StoreFront 2311 or 2402 and you’ve configured a CloudGateway, the configuration is no longer valid with StoreFront 2407. You must delete the existing gateway and create new gateways following the updated documentation.

Citrix Workspace Web Extensions

Citrix Workspace Web Extensions is enabled for all installations without needing to manually configure StoreFront using PowerShell.

Windows Server 2025 support

Storefront 2407 can be installed on Windows Server 2025 Datacenter and Standard editions.

Removal of support for Windows Server 2016

StoreFront 2407 can’t be installed on Windows Server 2016. Install StoreFront on Windows Server 2019, 2022 or 2025. For more information on removed items, see Deprecation notices.

Citrix Workspace app for HTML5 HDX Client

This release includes Citrix Workspace app for HTML5 HDX client 2404.1.

Fixed Issues

• When the store UI experience is switched between the modern and classic experience, changes should be reflected in Citrix Workspace app the next time it refreshes, without needing to remove and re-add the store.
• Update translation on the client detection screen when using Mozilla FireFox in the Brazilian Portuguese language. [STRFRNTUI-564]
• Remove additional notification shown in Citrix Workspace app for Windows 2309 or higher, when connecting to StoreFront 2402 using a XenApp Services URL [WSP-23122].
• In the StoreFront Web API, the list endpoint should set isSubscriptionEnabled according to whether favorites are enabled. [WSP-22503]
• In the Store Services API, the Resource Enumeration endpoint should set subscription status according to whether favorites are enabled. [WSP-22503]
• Updated the Content Security Policy defined in the http-equiv tag of the HTML file to block inline scripts. If you have customized StoreFront in a way that uses eval or adds inline scripts to the DOM then this action causes those customizations to fail.
• In the new UI, allow Activity manager to handle more resource feeds than can be enumerated concurrently. [WSP-24122]

Known issues

• When you edit a gateway whose Usage or role is Authentication only, it displays a tab Secure Ticket Authority but if values are entered then they aren’t saved. If you must enter a secure ticket authority to enable client detection then change the Usage or role to Authentication and HDX routing even if HDX routing isn’t required. [WSP-24682]
• When subscriptions are disabled, Citrix Workspace app for Windows does not create Start menu or desktop shortcuts. [WSP-26984]

2402

Prevent .ica file downloads during hybrid launch

To minimize security risks that might arise with the download of .ica files on local systems, the following settings have been introduced. Admins can configure these settings from the StoreFront admin console as a preventive measure against the misuse of downloaded .ica files. These settings include:

• Show Already installed link on client detection page
• Prevent ICA downloads on all platforms

For more information, see Prevent ICA file download.

Enable the modern experience using the PowerShell command

Admins can enable the modern experience for their end users using the following PowerShell command Set-STFWebReceiverService.

For example:

$rfw=Get-STFWebReceiverService -VirtualPath "/Citrix/StoreWeb"
Set-STFWebReceiverService -WebReceiverService $rfw -WebUIExperence Workspace

<!--NeedCopy-->

Enable advanced health check for all stores

Advanced health check is now enabled for all existing stores to improve resiliency. With the advanced health check feature, StoreFront can more reliably check for any issues in the delivery controller. When used with Citrix Desktops as a Service, the advanced health check provides additional information about the connectors present at the resource locations. This is useful in the event of an outage. When a user launches a resource, an appropriate connector to launch the resource is selected automatically using Local Host Cache.

If you want to disable Advanced health check for all stores, you can use the following PowerShell script:

foreach ($store in Get-STFStoreService)
{
    Set-STFStoreFarmConfiguration -StoreService $store -AdvancedHealthCheck $False
}
<!--NeedCopy-->

Note:

Advanced health check has been enabled by default for new stores from StoreFront 2308 CR release.

Deprecation announcement for Windows Server 2016

Support for installing StoreFront on Windows server 2016 will be removed in a future release. It is recommended that you upgrade to a newer version of the Windows server for continued support. For more information on deprecated items, see Deprecation notices.

Fixed issues

• If you set the branding settings to default on the new UI (Technical Preview), the old UI default color scheme is applied. [WSUI-8930]

• App enumeration on StoreFront servers might fail intermittently. [CVADHELP-23196]

• Activity Manager operations such as Logout, Disconnect, and more aren’t supported for applications that have App Protection policies enabled. [WSP-21324]

• The PowerShell parameter -override is required to change the diagnostics logging settings. [WSP-22214]

• Names containing special characters might appear corrupted in the Settings drop-down menu. [WSP-22210]

• The first time a user opens a store website in their browser on ChromeOS, it prompts the user to perform client detection but Citrix Workspace app for ChromeOS does not support client detection. As a result, the client detection fails and the users would need to click “already installed” to continue. With this fix, the website skips client detection on ChromeOS. [WSP-22390]

• For StoreFront version 2311, policies configured in Studio that should only apply to users connecting through a gateway also apply to internal users. [WSP-22766]

Known issues

• When Citrix Workspace app for Windows 2309 or higher is connected to StoreFront using a XenApp Services URL, launching a resource may cause an additional notification to be displayed. [WSP-23122]

2311

Citrix Secure Private Access on StoreFront

You can now connect to the Citrix Secure Private Access on-premises server using new PowerShell commands or StoreFront admin UI controls. It allows users to securely access web and SaaS apps through StoreFront. For more information, see Manage the resources made available in stores.

Uninterrupted VDA launch in case of FAS server unavailability

You can now configure StoreFront so that a VDA launch is successful even if the FAS server is unavailable. In such cases, the end users can sign in using their user name and password. Previously, the VDA launch would fail if the FAS servers were unreachable. This feature is disabled by default and can be enabled using the following PowerShell command.

Set-STFStoreLaunchOptions with parameter FederatedAuthenticationServiceFailover

You can use the same command to disable this feature, if necessary. For more information, see FAS.

Improved user-journey logs

Previously by default only errors were logged. The default logging level has now been changed to include warnings and tracing information. In addition the log messages have been improved. This ensures that by default, all the events that are part of the main user journey are now logged. The default log file size is increased to 1GB (5*200MB) for each service. Typically this requires 1GB (for the roaming service) + 3GB per store (as each store service typically has a corresponding authentication service and receiver for web service). Ensure you have sufficient disk space available. For more information, see Diagnostics logging.

Citrix Workspace web extensions - General Availability

Citrix Workspace web extensions are now generally available for use with StoreFront. These web extensions help you launch resources in your locally installed Citrix Workspace app without prompts to open Workspace launcher or downloading an .ica file, making your experience safer and more reliable. For more information, see Citrix Web Extensions.

The use of Citrix Workspace web extensions is enabled by default for every new installation of StoreFront. However, end users still need to download the extensions to use this feature.

Note:

Citrix Workspace web extension isn’t enabled automatically during a StoreFront version upgrade. If this feature was turned-off before the upgrade, it remains in the same state after the version update. It will be enabled for all deployments in a future release.

When upgrading an existing deployment you can enable this feature using the following command:

Add-STFFeatureState -Name "Citrix.StoreFront.EnableBrowserExtension " -IsEnabled $True

New UI for on-premises stores (Technical Preview)

The new UI is now available for on-premises stores. This UI, previously available only for cloud stores, ensures a consistent look and feel across cloud and on-prem stores.

The new UI brings the following key improvements:

• Activity Manager: Facilitates quick actions on active virtual apps and desktops, saving resources and optimizing performance. For more information, see Activity Manager.
• Enhanced categorization of apps: A multi-level folder structure that is responsive to your end user’s screen size. For more information, see categorization of apps.
• Improved Search capabilities: New search capabilities provide for better and faster results. For more information, see Search options.

For detailed information on this preview, see Modern user experience.

Note:

You can provide feedback for this feature using this Podio form.

Citrix Workspace app for HTML5 HDX Client

This release includes Citrix Workspace app for HTML5 2402.

Fixed issues

• Citrix Workspace app for Mac might freeze after waking up from Sleep mode when connected to a StoreFront Store. [CVADHELP-23217]
• A race condition can cause the Citrix Subscriptions Store service to exit unexpectedly on the StoreFront server with warning messages. [CVADHELP-23326]

Known issues

• User names with special characters might appear corrupted in the Settings drop-down menu. [WSP-22210]
• The PowerShell parameter -override is required to change the TraceLevel settings. [WSP-22214]
• For StoreFront version 2311, policies configured in Studio that should only apply to users connecting through a gateway also apply to internal users. [WSP-22766]

2308.1

Fixed issues

• This release addresses a security vulnerability in an underlying component. For more information, see CTX583759. [CVADHELP-23724]

2308

App Protection for hybrid launches

App Protection provides an additional level of security by blocking keyloggers and screen capture. Previously, this functionality was only available when accessing a store through Citrix Workspace apps for Windows, Mac, and Linux. When viewing a store through a web browser, protected apps were not displayed. With this release it’s now possible to configure a store website to display apps requiring App Protection when viewed through a browser, as long as StoreFront has detected that the user has a sufficiently new version of Citrix Workspace app for Windows, Mac, or Linux installed that will be used to launch the app.

For more information see App Protection.

Advanced health check enabled by default

From this release onward, the advance health check feature is enabled by default for new stores. Previously it had to be enabled manually.

When used with Citrix DaaS, the advance health check makes StoreFront aware of the connectors present at the resource locations. In the event of an outage, when a user launches a resource, StoreFront chooses an appropriate connector to launch the resource using Local Host Cache.

Fixed issues

This release includes all fixes from 2203 CU3, plus the following:

• [CVADHELP-22435] A year after detecting that the user has Citrix Workspace app installed, apps are launched in a browser rather than Citrix Workspace app.

• [CVADHELP-21886] When using the StoreFront Store Service API to launch an app, overriding settings such as audio quality and disabling printers, the settings might affect all subsequent requests rather than just the current request.

Deprecation of XenApp Services

From this release onward, support for XenApp Services URLs (also known as PNAgent) for connecting to stores is deprecated. It will be removed in a future release. Use Citrix Workspace app to connect to stores using the store URL.

Removal of ability to add XenApp 6.5 delivery controllers

It is no longer possible to add new XenApp 6.5 resource feeds using the StoreFront management console. It is still possible to add them using PowerShell Add-STFStoreFarm specifying the FarmType as XenApp. For Example:

$store = Get-STFStoreService
Add-STFStoreFarm -StoreService $store -FarmName "XenApp" -FarmType XenApp -Port 80 -TransportType HTTP -Servers Xen1
<!--NeedCopy-->

Existing XenApp 6.5 resource feeds can be modified using the management console.

Note:

XenApp 6.5 isn’t supported by Citrix. The ability to use XenApp 6.5 delivery controllers will be removed in a future release.

Removal of ability to open resources within Internet Explorer 11

It’s no longer possible to open resources within the Internet Explorer 11 web browser. However, it’s still possible to access your store from Internet Explorer 11 but you must install Citrix Workspace app for Windows to be able to launch resources.

Known issues

There are no new known issues in this release.