Generally speaking, the Citrix/StoreFront connection mode also works fine with PNA-based sites. There are only few corner cases where it makes sense to switch back to other, older modes.

These connection modes deal with PNA-sites.

• Citrix/One application or desktop. Login to Web frontend (in the background!), then run a single published application or desktop. This creates the most seamless experience for end users, they will be taken directly into one specific published resource. This mode is what most people want.
• Citrix/Program Neighborhood. Login to Web frontend (in the background!), and put all available published applications into the local Start Menu, allowing the user to choose from many available resources.

Expired passwords

The Citrix Receiver for Linux has a feature to allow users to enter a new password should theirs have expired. This has to be done before actually logging in, so it requires a special mechanism. Again, this functionality provided by the Citrix Receiver, it just needs to be configured properly - set these two parameter in the Citrix parameters correctly:

• Kerberos KDC Server (Domain Controller Name). This needs to be a DNS host name or IP address of the Domain Controller. Please make sure the name is resolvable by DNS (i.e. not just a Windows/WINS name) - a simply test is to ping the name from the Console of a NoTouch system or any other non-Windows system such as a Mac.
• Kerberos KDC Realm (Domain Name). Set this to the domain name of your AD domain.

Keep in mind that NoTouch systems are not members of the AD domain - this is the reason why you have to supply to these parameters to NoTouch, which in turn passes them on directly to the Citrix Receiver.

Non-StoreFront XenApp

Registering at the Citrix Web frontend allows for better load balancing, reconnect and session distribution, since the user authenticates first to the connection broker, and after that starts a connection to a specified server. The session modes "Citrix/One application or desktop" and "Citrix/Program Neighborhood" take advantage of this:

1. Create a connection
2. Set session type to "Citrix/One application or desktop" or "Citrix/Program Neighborhood"
3. Save changes and then navigate to the "Citrix" parameter subcategory
4. Set the "Citrix URL" parameter to an URL containing the host name/IP address where the Web frontend is installed, such as http://mycitrix.mycompany.com/Citrix/PNAgent/config.xml
   • Have your Citrix URL always refer to a config.xml if possible. Yes, you can abbreviate but only if the paths are standard like /Citrix/PNAgent on the server
5. If using "Citrix/One application or desktop", write the name of the desired published application into the "Launch Resource" parameter
6. Save changes

Non-StoreFront XenDesktop

XenDesktop also uses the ICA/HDX protocol and the Citrix Web service, so the configuration is similar to how you would configure XenApp. (Note that there is a special hint for XenDesktop 7 below...)

1. Create a connection
2. Set the connection mode to either (according to what you want to use)
   • "Citrix/One application or desktop" (start one named desktop)
     • In this case, please write the name of the desktop to be started into the "Launch Resource" parameter. Observe case, spaces, punctuation!
   • "Citrix/Program Neighborhood" (get desktops added to local start menu)
3. Set the parameter "Citrix URL" in the Citrix parameter subtree to the URL where the Citrix Webservice resides

There are a few other hints you should consider (mostly these are fulfilled by default, but double check):

• Workplace-Management has to be set to either none, disconnected or all. This will either reconnect no sessions (none), only disconnected sessions (disconnected) or all kinds of sessions (all).
• The authentication method for the webxml service must be set to 'prompt'. 'passthrough' is NOT supported by the Linux Citrix Receiver.
• Make sure the device is set to 24 bit color-depth and the ICA session is also using 24 bit color-depth.

XenDesktop 7 and higher

XenDesktop 7 and higher have - by default - only the StoreFront interface active. This is perfectly fine as you can use the Citrix/StoreFront connection mode (see above). Only if you want to use the other modes that use config.xml, you need to enable "Legacy Support" according to this screenshot:

Non-StoreFront Access Gateway

Connecting via Citrix Access Gateway is, generally spoken, not different from connecting to a XenApp or XenDesktop. However, there are three things you need to be aware of:

• Configuration of Access gateway and Citrix URLs. Please see http://support.citrix.com/article/CTX124937 for information on how to make Access Gateway work directly with Citrix Receiver (i.e. NoTouch).
• Citrix URLs: When just providing a short URL or even just a host name, NoTouch will add the standard config.xml path for you. People using Access Gateway are much more likely to change paths so the automatic completion won't work, you must provide the exact and correct URL to config.xml
• Certificates: If you use HTTPS (SSL) with a self-signed/private certificate (and not one from a well-known certificate authority), then you must upload your root CA certificate to NoTouch. The Citrix Receiver does not offer an option to ignore unverifiable certificates nor does it offer to accept and store a private certificate for you (as a web browser does). It must be present before the connection is launched, no matter if you connect via browser or directly with the Citrix Receiver. See here for more information on how to deal with certificates in NoTouch: Certificates

Furthermore, you need to have Access Gateway configured correctly as well:

• it must allow the connection from wherever you are connecting (IP/network range)
• it must allow the connection from the user account and the user account must be allowed to connect from this network
• it must allow the connection from a non-Windows machine and non-domain member
• make sure that there are no redirects that only work "inside", no private IP addresses are used

The following article may be helpful as well: http://www.jasonsamuel.com/2012/04/10/how-to-setup-your-citrix-netscaler-access-gateway-and-web-interface-for-ipads-and-mobile-devices-that-use-citrix-receiver/

Note that if it works from another client, notably a Windows PC, this doesn't mean your Access Gateway is configured correctly. Especially when testing from inside your network with external URLs, you may experience a perfectly working scenario, and from outside it doesn't work. You might find out that your system would redirect to internal IP addresses or find similar error causes.

Non-StoreFront NetScaler

Similar to what is said above about NetScaler, in general, there is no difference between connecting with or without NetScaler. However, there are three things you need to be aware of:

• Configuration of NetScaler and PNAgent service. Please see http://support.citrix.com/article/CTX133771 for information on how to configure PNAgent service (config.xml) on NetScaler.
• Citrix URLs: When just providing a short URL or even just a host name, NoTouch will add the standard config.xml path for you. People using NetScaler are much more likely to change paths so the automatic completion won't work, you must provide the exact and correct URL to config.xml
• Certificates: If you use HTTPS (SSL) with a self-signed/private certificate (and not one from a well-known certificate authority), then you must upload your root CA certificate to NoTouch. The Citrix Receiver does not offer an option to ignore unverifiable certificates nor does it offer to accept and store a private certificate for you (as a web browser does). It must be present before the connection is launched, no matter if you connect via browser or directly with the Citrix Receiver. See here for more information on how to deal with certificates in NoTouch: Certificates

The following article may be helpful as well: http://www.jasonsamuel.com/2012/04/10/how-to-setup-your-citrix-netscaler-access-gateway-and-web-interface-for-ipads-and-mobile-devices-that-use-citrix-receiver/

Note that if it works from another client, notably a Windows PC, this doesn't mean your NetScaler is configured correctly. Especially when testing from inside your network with external URLs, you may experience a perfectly working scenario, and from outside it doesn't work. You might find out that your system would redirect to internal IP addresses or find similar error causes.

Super-old Legacy systems - Presentation Server, MetaFrame

There are three more "direct" Citrix modes that were used with earlier Citrix products such as MetaFrame and Presentation Server. Most people use either the web browser or the XenApp/XenDesktop modes (see above).

• Legacy Citrix/ICA connect. Run a single ICA session to a host or published application. This was the main mode for Citrix terminal servers before XenApp/XenDesktop, mainly in Presentation Server deployments. Nowadays most people go for the other modes below:
• Legacy Citrix/Built-in PNAgent view. Login to Web frontend (in the background!), then run what Citrix calls "PNAgent view on Linux" - a window showing icons for different published applications. The pnagent mode uses Citrix receiver's own GUI which is not as beautiful as it could be. We suggest to use Citrix/One application or desktop or Citrix/Program Neighborhood.
• Legacy Citrix/ICA configurator. Run the Citrix configuration dialog (basically the wfcmgr binary, if you are familiar with the Citrix Receiver for Linux). This is somehow what one would see when running ICA client on any normal Linux. We discourage from using this, as ordinary end users will find this too complicated and are usually much better off with Citrix/One application or desktop or Citrix/Program Neighborhood.

The availability of these modes is also depending on the used Citrix client version. RX-HDX thin client comes with Citrix client 13.x and above which only allows "Legacy Citrix/ICA connect".

To make the simplest ICA connection possible, just follow these steps (in NoTouch OS or NoTouch Center):

1. Create a connection
2. Set session type to "Legacy Citrix/ICA connect"
3. Set "Connection target" to the host name of a Citrix-enabled terminal server (=XenApp server)
4. Save changes