Configuring Email-Based Account Discovery

1     Add DNS Service Location (SRV) record to enable email based discovery

During initial configuration, Citrix Receiver can contact Active Directory Domain Name System (DNS) servers to obtain details of the stores available for users. This means that users do not need to know the access details for their stores when they install and configure Citrix Receiver. Instead, users enter their email addresses and Citrix Receiver contacts the DNS server for the domain specified in the email address to obtain the required information.

To enable Citrix Receiver to locate available stores on the basis of users’ email addresses, configure Service Location (SRV) locator resource records for Access Gateway or StoreFront/AppController connections on your DNS server. If no SRV record is found, Citrix Receiver searches the specified domain for a machine named “discoverReceiver” to identify a StoreFront/AppController server.

You must install a valid server certificate on the Access Gateway appliance and StoreFront/AppController server to enable email-based account discovery. The full chain to the root certificate must also be valid. For the best user experience, install either a certificate with a Subject or Subject Alternative Name entry of discoverReceiver.domain, or a wildcard certificate for the domain containing your users’ email accounts.

To allow users to configure Citrix Receiver by using an email address, you need to add a SRV record to your DNS zone.

  • Log in to your DNS server
  • In DNS > Right-click your Forward Lookup Zone
  • Click on Other New Records
  • Scroll down to Service Location (SRV)
  • Configuring Email-Based Account Discovery
  • Choose Create Record
  • Click in the Service box and enter the host value _citrixreceiver
  • Click in the Protocol box and enter the value _tcp
  • In the Host offering this service box, specify the fully qualified domain name (FQDN) and port for your Access Gateway appliance (to support both local and remote users) or StoreFront/AppController server (to support users on the local network only)

Note: Your StoreFront FQDN must be unique and different from the Access Gateway virtual server FQDN. Using the same FQDN for StoreFront and the Access Gateway virtual server is not supported. Citrix Receiver requires that the StoreFront FQDN is a unique address that is only resolvable from user devices connected to the internal network. If this is not the case, Receiver for Windows users cannot use email-based account discovery.

2     Checking SRV record using nslookup

You can use nslookup to check if the SRV record is configured correctly in DNS:

  • Open command prompt
  • Type nslookup
  • Type “set type=srv“
  • Type “_citrixreceiver._tcp.mycompany.com“

The response from your external DNS should be something like this:

_citrixreceiver._tcp.mycompany.com SRV service location:

priority = 0

weight = 100

port     = 443

svr hostname = vpndemo.mycompany.com

 

3     Configuration of Netscaler Access Gateway

To allow users to configure Citrix Receiver from a remote location you need to add the StoreFront/AppController URL Session Profile of your Netscaler Access Gateway.

  • Log in to the Netscaler management console
  • In the Access Gateway node, create a new Session Profile or open an existing Session Profile for Native Receivers.
  • Click the Published Applications tab
  • Next to Account Services Address, click Override Global and then enter the StoreFront/AppController URL. (Example: https://< StoreFront/AppController URL>/Citrix/Roaming/Accounts)
  •  To make this work you have to allow Clientless Access to your Native Receiver Session Profile
  • Verify/Configure Native Receiver Session Policy to request the configured Native Receiver Session Profile
  • Bind the Session Policy to Netscaler Access Gateway Virtual Server.

4      End User Experience

When tries to access the Native Receivers, they just have to provide their email address to activate Receiver.

  • User access Citrix Receiver, provides his email address.
  • Receiver prompts user to enter his Active Directory credentials.
  • User is asked for the confirmation from the user to add the Store information into Receiver.
  • Upon confirmation from the user, store information is added on to Receiver.
  • User can subscribe to their apps from Receiver.