1. Configuring SRV Record on DNS servers
A user do not need to have any details regarding configured Storefront stores. Instead, it’s much easier for them to just enter their email addresses while configuring the citrix receiver and the receiver itself will communicate with the DNS server for the domain specified in the email address to obtain the required information.
To enable email based discovery we need to add DNS Service Location (SRV) record
To make the citrix receiver locating the configured stores, a Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections must be available on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.
You also need to install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.
So, the following needs to be done on your DNS servers:
Log in to your DNS server
In DNS > Right-click your Forward Lookup Zone
Click on Other New Records
Scroll down to Service Location (SRV)
Configuring Email-Based Account Discovery
Choose Create Record
Click in the Service box and enter the host value “_citrixreceiver”
Click in the Protocol box and enter the value “_tcp”
In the Host offering this service box, specify the fully qualified domain name (FQDN) and port for your Access Gateway appliance (to support both local and remote users) or StoreFront/AppController server (to support users on the local network only)
Note: Your StoreFront FQDN must be unique and different from the Access Gateway virtual server FQDN. Using the same FQDN for StoreFront and the Access Gateway virtual server is not supported by Citrix. Citrix Receiver requires that the StoreFront FQDN is a unique address that is only resolvable from user devices connected to the internal network. If this is not the case, Receiver for Windows users cannot use email-based account discovery.
2. Checking SRV record using nslookup
You can use nslookup (from a client on Internet) to check if the SRV record is configured correctly in DNS:
Open command prompt
Type “set type=srv“
The response from your external DNS should be something like this:
_citrixreceiver._tcp.mycompany.com SRV service location:
priority = 0
weight = 5
port = 443
svr hostname = something.yourcompany.com
3. Configuration of Netscaler Access Gateway
To allow users to configure Citrix Receiver from a remote location you need to add the StoreFront/AppController URL Session Profile of your Netscaler Access Gateway.
Log in to the Netscaler management console
In the Access Gateway node, create a new Session Profile or open an existing Session Profile for Native Receivers.
Click the Published Applications tab
Next to Account Services Address, click Override Global and then enter the StoreFront/AppController URL.
To make this work you have to allow Clientless Access to your Native Receiver Session Profile
Verify/Configure Native Receiver Session Policy to request the configured Native Receiver Session Profile
Bind the Session Policy to Netscaler Access Gateway Virtual Server or a defined AD group.