This article will guide you with the steps to enable XenMobile server and StoreFront Server integration when XenMobile environment is enabled withCertificate + Domain based authentication.

To achieve the above use case, you as an admin need to setup the following.

1. Configure/Enable XenMobile environment with Certificate and Domain Authentication.

2. Configure StoreFront server’s PNAgent in XenMobile Server.

Pre-requisites

This document is prepared assuming that

1. You have working XenMobile environment enabled with Certificate + Domain Authentication. You can find the steps to enable the XenMobile Environment with Certificate and Domain authentication @https://support.citrix.com/article/CTX220479
2. You have NetScaler, Storefront and XenMobile server talking to same Active Directory.
3. 你有店面从网服务器可及caler and XenMobile server.
4. You have a custom port (other than 443) open from the public network for the same public NSG IP for which you have Certificate + Domain Authentication is enabled on NetScaler. You will create a new NetScaler Gateway for the HDX traffic on the same NetScaler on a custom port, since Receiver does not support Certificate based authentication.

Note : All screenshots in this document are for representational purposes only.

进行guring Storefront PNAgent and NetScaler in XenMobile Server

1.	Login to XenMobile admin console from the browser, once logged in navigate toSettings>XenApp/XenDesktop.
2.	Under XenApp/XenDesktop, provide the following required information: a. Provide the Host name of the StoreFront/PNAgent server. b. Set the respective port. c.Provide the PNAgent relative path. d.If you are using secure connection, turn on the Use HTTPS flag. Click Test Connection to validate the connectivity of StoreFront server from XenMobile server, if successful click Save.
3.	Under Settings, click NetScaler Gateway.
4.	进行gure the Credentials Provider (for Certificate based Authentication) and ensure the Login Type is set to Certificate and Domain. Note: To enable Certificate and Domain authentication you can refer tohttps://support.citrix.com/article/CTX220479

进行guring NetScaler Gateway to enable HDX App Launch

1.	Login to NetScaler Server and navigate to NetScaler Gateway >Virtual Servers and Click Add.
2.	Provide the below details of the VPN Vserver and Click Ok. Name: “Name of the Virtual server” IP Address: IP address of the XenMobile NetScaler Gateway. Port: While you can provide any custom port, for illustration purposes, we have used 8443. This port should be accessible from the public Network.
3.	To add a server certificate, click “No Server Certificate”.
4.	Click to Select the Server Certificate.
5.	From the list, click the radio button for the required server certificate and click Select.
6.	After you select the Server Certificate, click Continue.
7.	Under Basic Authentication, click Continue. Note: We will not use any authentication on this Vserver.
8.	To add policies, under Policies click on +
9.	Within Policies from the Choose Policy list select Session and from the Choose Type select Request and click Continue.
10.	Within the VPN Virtual Server Session Policy Binding list, select the policies you want to bind from the previous XenMobile NetScaler Gateway.
11.	From the Choose Policy list, choose Clientless and Click Continue.
12.	Click to select the Clientless policies you want to bind. Note: While you can re-use the Clientless policies from your previous Gateway, however you can also duplicate them.
13.	Under Published Application, click NO STA Server to add the STA Servers.
14.	Click to bind the STA server of XenMobile server and the StoreFront servers.
15.	Under Other Settings, provide the XenMobile enrollment URL appended with port 8443 in AppController.

进行gure App Push policy for Receiver

1.	Once logged in to the XenMobile server, navigate to Manage >Apps.
2.	Within the Add App Pane, select Public App Store.
3.	Provide the Name of the application and click Next.
4.	With the Platform sidebar on the left, choose iPhone and search for Receiver. click Citrix Receiver and click Next. Note: Perform the same step to add the Receiver for iPad and Google Play.
5.	Within Delivery Group Assignments, search for policies to assign to one more Delivery Groups and click Save.
6.	Navigate to Delivery group and mark the Receiver app within the Required Apps panel to enable the Automatic push of Receiver.

进行gurations on StoreFront Server

1.	Launch StoreFront App. Within Stores in the Actions panel, click Manage NetScaler Gateway.
2.	In the Manage NetScaler Gateways window, click Add.
3.	Within General Settings, Provide the below details. a. Display name: Provide the User-Friendly Name. b. NetScaler Gateway URL: Provide the NetScaler Gateway URL (along with the custom port) that you have created in the previous step. Example: Note: You will need to use the new NetScaler Gateway for the HDX traffic here, which you have created in the previous step.
4.	Under Secure Ticket Authority. click Add, Provide the STA URL and click Ok. Click Next.
5.	Under Authentication Settings, provide the VServer IP address, Set the logon type as Domain, provide the Callback URL. Click Create.
6.	Under Summary page, review settings and click Finish.
7.	From the StoreFront pane, Within Store Service click on “Configure Remote Access”. In the “Configure Remote Access Settings – Store Service” select the Gateway that you have created in step 3 to 6. Click Ok.
8.	From the StoreFront pane, under Store Service click on Configure XenApp Services Support and make sure “Enable XenApp Services support” is checked. Click Ok.

End User Experience

1.	Once the device is enrolled to the XenMobile environment. Navigate to the App Store to view the enumerated HDX apps.
2.	Click Add to add a Published application.
3.	Launch the Publish application to leverage the Receiver.

If you are using older version of servers you can refer to the following link for more information -//m.giftsix.com/blogs/2014/01/17/xenmobile-enable-hdx-apps-with-certificate-based-authentication/