Skip to main content

How to configure Citrix XenDesktop 5.6 with CloudGateway (Receiver Storefront) and NetScaler(Access Gateway Enterprise)


This article describes how to set up an (Netscaler) Access Gateway Enterprise Edition VPX and (CloudGateway) Receiver Storefront for use with XenDesktop 5.6.

The purpose of this document is to record the configuration of the Citrix Access Gateway Enterprise Edition appliance and Receiver Storefront for use with Citrix XenDesktop 5.6.

This article only attempts to record a single configuration. However, it is expected that this environment can also act as a stepping stone for creating alternative or more advanced configurations if required.

The following are the various sections in this article:


See the entire guide here. Howto configure Citrix XenDesktop 5.6 with Citrix Cloudgateway (Storefront) with NetScaler Access Gateway Enterprise
Enjoy /Poppelgaard

CloudGateway Enterprise

Citrix have released CloudGateway Enterprise for web.

About CloudGateway Enterprise

CloudGateway Enterprise is designed to offer a single point of control for enterprise delivery of Windows, Web and SaaS applications, with a seamless end-user experience across the various Receiver variants. CloudGateway Enterprise comprises of three key components:

  1. StoreFront services– The Windows component allowing the various Citrix Receivers to connect to the enterprise store, and deliver Windows, Web and SaaS applications to users, with a follow-me subscription and launch experience.
  2. AppController– A linux based virtual machine available for both XenServer and vmware based hosts, providing the central administrative point for configuration of all enterprise Web and SaaS applications, to be delivered to end users, with a single sign-on federation and consolidated provisioning capabilities
  3. Gateway services – Delivered through the Access Gateway component, either standalone, or as a feature of the NetScaler MPX, VPX and SDX platforms.

Note that CloudGateway Enterprise provides the license entitlement for the Access Gateway universal licenses, but the actual AG physical or virtual appliances actually needed to deploy this functionality, will need to be procured independently

In addition to the above components CloudGateway Enterprise will also consist of regular AppConnector update packs, which will include new connectors for applications, that will keep increasing the number of applications supported for both federation and user account provisioning support within the AppController.


Download Citrix CloudGateway Enterprise here (require MyCitrix ID)

Citrix Access Gateway 5.0.3

Citrix have released Access Gateway 5.0.3

New Features Supported in This Maintenance Release

Multi-Stream ICA Support

The multi-stream ICA feature allows you to partition multiple ICA streams in the same session. With multi-stream ICA, you can partition a single TCP connection into multiple streams based on different types of traffic that are typical for session reliability.

Basic Logon Point Session Time-outs in Access Controller

If you configure a basic logon point in Access Controller, you can now configure session time-outs as part of the logon point settings. [#45963]

New Features from Previously Released Maintenance Releases

Access Gateway Imaging Tool

The Access Gateway imaging tool now exists as a .zip file containing all files necessary for reimaging the appliance. You download the .zip file, extract the files, and run the tool. The tool indicates the location of the USB drive. By using the .zip file, you no longer need to select an ISO file.

Certificate Length

If you attempt to import an intermediate certificate to Access Gateway where the Subject field is longer than 128 characters, you receive the error message “Value too long for type character varying (128).”

Secure Ticket Authority

You can now configure up to 25 servers running the Secure Ticket Authority (STA).

Static Routing

You can now add up to 256 static routes on the Access Gateway appliance.

Support for Web Interface 5.4

Access Gateway 5.0.1 supports the following Web Interface 5.4 features:

  • Password Change. When the Web Interface is the home page, users can change their password after they log on.
  • ICA File Signing. The Web Interface digitally signs generated ICA files, to allow compatible Citrix clients and plug-ins to validate that the file originates from a trusted source.

Upgrading Access Controller

You can now upgrade Access Controller from Version 5.0 or Version 5.0.1 to Version 5.0.2 or later without removing the previous version.

User Software

Access Gateway supports the following user software:

  • Access Gateway Plug-in for Mac OS X Version 2.0
  • Citrix Receiver 2.1

XenApp Services Site

You can configure Access Gateway to use a XenApp Services site, giving users access to virtual applications from their computer desktop or mobile device when they authenticate through the Web Interface.


Download Citrix Access Gateway 5.0.3 here (require mycitrix id)

Unable to Install the Platform License for Unlimited ICA Connections

This article applies for Access Gateway Enterprise 9.2 and Netscaler 9.0


You might experience issues when installing the Platform License for Unlimited ICA connections. The license is not recognized and you will be unable to install it.

Additionally, the output of the show license command displays 0 ICA users. Following is a sample output of the show license command:

After restarting the appliance, the license.log file in the /var/log directory displays the error message, as shown in the following screen shot:


The following increment entries in the license file were verified as explained in Knowledge Center article CTX125567 – How to Configure an Access Gateway Enterprise Edition Appliance with Unlimited ICA Connections

INCREMENT CAG_ICA_CCU CITRIX 2011.0202 permanent 10000


The Platform License for Unlimited ICA connections file was allocated and downloaded in a single file along with other licenses available on the Citrix Website.


Reallocate and download all the licenses as separate files. The Platform License should not be downloaded into the same file, which contains other licenses.

Types of Licensing Available for NetScaler and Access Gateway Enterprise Edition Appliances


This article contains information about various types of licenses available for NetScaler and Access Gateway Enterprise Edition appliances.

Types of Licenses

Citrix provides the following types of licenses for NetScaler and Access Gateway Enterprise Edition appliances:

  • Retail NetScaler (physical box) License: This is a license for the physical appliance. This license helps you to enable all necessary features of the appliance and 5 Secure Socket layer (SSL) Virtual Private Network (VPN) connections. By default, this license is allocated to Hostname “ANY” in the MyCitrix Web site. You cannot change this allocation.
  • Other NetScaler licenses: These licenses include Internal, Partner USE, DEMO, EVALUATION, or VPX. You need to allocate these licenses to to Host ID of the appliance.
    Refer to the following Knowledge Center articles for more information:
  • Access Gateway Platform License: You must upload this license to increase the Independent Computing Architecture (ICA) connections up to 10000.
  • Access Gateway Universal Licenses: This license increases Full SSL VPN connections.

You need to allocate some of these licenses to the NetScaler Licensing Hostname, which is configured in the /nsconfig/rc.conf file. This hostname is not necessarily the same Hostname that was created by running the set ns hostname, unless you have configured otherwise. By default, the hostname in the /nsconfig/rc.conf file is “ns”, as shown in the following command output:

root@ns# grep hostname /nsconfig/rc.conf

If there is an issue with the hostname allocated for the Access Gateway Platform license, then you can verify the content of the /var/log/license.log file, which should be similar to the following sample content of a /var/log/license.log file:

34 (CITRIX) Wrong hostid on SERVER line for license file:
9:50:34 (CITRIX)       /nsconfig/license/license_20110316121246.lic
9:50:34 (CITRIX) SERVER line says HOSTNAME=My-Netscaler, hostid is HOSTNAME=ns
9:50:34 (CITRIX) Invalid hostid on SERVER line

In the preceding sample, the license is incorrectly assigned to the My-Netscaler hostname considering that to be the Licensing Hostname because the hostname was set as My-Netscaler by running the set ns hostname command. However, the rc.conf file has the hostname set as “ns”.