Windows Live Alerts
Start access
Support Forum
Remote Desktop Services
Terminal Services
Web Interface
Tips & Tools
Lassen Sie sich von einem Experten Beraten

How to use Citrix Receiver 4.x Print E-mail
Written by Thomas Koetzing at Wednesday, 07 May 2014

Article Details 
User Rating:   | 439

How to use Citrix Receiver 4.x
When I'm onsite at a customer I see very often that Program Neighborhood or an old online plug-in is used. Companies have a hard time to switch to new directions, especially when the end user is involved.
In this article I want to show how the new Receiver way looks like and what advantages it might have. Also there is a lot information out about Receiver on the Internet but not really how to use it and what steps are necessary.

Citrix Receiver 4.1 facts 
- Has the ability to create start menu shortcuts using publish settings
- Has the ability to create a folder in the start menu and in there all apps
- Has the ability to create apps in add/remove programs
- The self-service plug-in can be pre-configured through command line or GPO
- The self-service plug-in can use single sign-on (SSON), admin rights required
- Applications can be auto applied and soon also as mandatory apps
Requires Citrix StoreFront to work properly
- Works internal and external when StoreFront is configured with a Gateway
- Uses SSO internal but show two way authentication from external if configured
- Through beacons differentiates between internal- and external network
- Can be auto provisioned with a provision file


- email/URL ONLY works with StoreFront installed and properly configured first!
- URL is by default HTTPS and only the FQDN is need like
- email ONLY works when a DNS service record is set and SSL is used with the email domain
- The local Receiver can be "activated" that is configured through Receiver Web!

Citrix Receiver 4.1 setup
The Installation to make all things run smoothly can be quite challenging and needs improvement by Citrix. I hope I can help with this article

The base setup (requirement) is as follows:

  • StoreFront 2.1 installed and configured with/without Netscaler Gateway. The store name is "Store" and the Receiver Web site is "StoreWeb". HTTPS (SSL) is enabled in IIS, don’t even start without using SSL!!!
    Citrix StoreFront - Implementation Guide 
  • For external access Netscaler 10.1 is configured and set for two way authentication using token
  • Receiver 4.1 is installed with administrative rights and from the command line

Download the latest Citrix Receiver from and rename CitrixReceiverWeb.exe in CitrixReceiver.exe. Citrix claims when using CitrixReceiverWeb.exe, then the user will not be asked for email/URL but I have seen this many times not working and causes a lot of problems

To Install Receiver, open an Admin CMD and use the following command line where you need to change the store URL:
CitrixReceiver /silent /includeSSON ENABLE_SSON="Yes" UseCategoryAsStartMenuPath="True" STORE0="Store;;On;MyDomain Receiver Store"

Silent Installation

installs the single sign-on component

uses the category used in the publish application properties and creates them in the user start menu

STORE0="Store;;On;MyDomain Receiver Store"
Store name and discovery URL.

More details on the command line options can be found here

Result is the black Receiver icon in the system tray. Double clicking the icon opens the self-service plug-in that will connect to the StoreFront URL and ask for user credentials


Enable single sign-on for the self-service
This includes several configuration steps and all are a must requirements

  • You must enable XML trust for every controller (XenApp, XenDesktop) that is used in StoreFront. XenApp in the console or policy and in the newest products through PowerShell!
  • Use Internet Explorer and open Receiver Web
    Right click on an empty part of the website and chose properties. Make sure that the site belongs to the local intranet. If not then you need to add the site, simply use *
    Once you have added the site, make sure it is now in the local intranet zone. This is very important because that is the only zone that allows by default to hand over local credentials (this was different with older IE versions but has changed for security reasons).
    Also the certificate must be fully trusted (green lock symbol). In case you are not using the server host name you have to add the spn using the setspn command.


  • Open the local group policy by start, run gpedit.msc (or use an AD GPO if you want). Add the icaclient.adm located in the installation path %ProgramFiles%\Citrix\ICA Client\Configuration and enable the use of the local credentials. Only this will actually launch the ssonsrv.exe process.


  • Logoff and back on. This is required for the single sign-on process to grab the credentials. Open task manager and ensure that the process ssonsrv.exe is running (there might be issues if you have other software also using the network provider like Intel Credential Manger etc.).
  • Double click the Receiver icon again and now you should get logged in right away and see nothing?! Only the note that you can add apps by clicking on the plus sign.
  • If you want to auto assign apps to users you have to publish them with keywords in the description. At the moment there is auto (auto add but can be removed) and StoreFront 2.5 has now also mandatory (sticky apps) keyword.
  • You can roam to any device and your app subscription will follow you.
  • Check also the start menu and desktop because you should have icons from published apps there too if configured.



Receiver external use
Here comes a nice thing. You have previously configure Receiver internally and now you take your notebook home (external). You double click the Receiver icon and through the beacons Receiver determines to use the Netscaler Gateway. In this scenario there is no single sign-on because tokens are used with the Gateway. A logon dialog comes up and ask you for your credentials and the passcode. Afterwards you can use Receiver as before. If you are back in the company, single sign-on will kick in again and no login dialog will show up.



What needs to be better with Receiver?

  • The whole single sign-on is quite complex to configure and needs to be easier
  • Citrix needs to think more of customer using Receiver on unmanaged devices. Self-service is for the cloud and there I cannot set group polices on the device.
  • The previous is also true for other settings. In early days you could change centrally the ica template and things worked at the client even unmanaged. Now client seamless flags can only be set by gpo
  • The self-service plug-in needs to be constantly quick. If a user double clicks the Receiver icon then the Window must come right away and not minutes later.
  • The start menu integration update is quite slow if it works at all. For an update re-install Receiver!?
  • The Receiver settings are quite hidden and a pain to open. Sometimes I think they recompile Receiver each time I want to go into settings, especially if you have more plug-ins loaded
  • Mandatory apps, notification messages, auto launch I mean, hello this is a very old story!
  • Company branding? Why not uploading customizations with the provision file? All Receiver look the same as my company, not as Citrix!
  • GPO is the way Citrix goes? Then why isn't there a real gpo to allow client mappings instead of registry hacks? This is causing a lot of issues with users.   
  • Install, upgrade and especially uninstall must work easily and not by a bunch of manual tasks and afterwards the Citrix Cleanup Utility
  • Citrix should make sure Receiver works with other components like VDA. Cross testing? Does that anyone at Citrix?

Citrix Receiver X1
Announced at Citrix Synergy Anaheim 2014 Comes with a fresh Design that has a Windows 8 style. When looking closer you will see similarity with the quite old Citrix Dazzel. Receiver X1 supposed to be central rebranded and brings back functionality from previous Versions.



SSO via Netscaler
Written by Guest on 2014-07-15 15:08:37
Hi Thomas, 
Thanks for this excellent article. I was wondering if SSO is also possible for external clients? Most of our clients use the web site to logon to citrix and not the receiver client.  
Internally I have SSO to Storefront, however, externally I'm always presented with a logon dialog. 
When I look at the log (cat /tmp/aaad.debug), SSO is not attempted at all. 
Is it possible to have SSO via Netscaler to Storefront without disabling authentication on Netscaler (and settings requireTokenConsistency to false on Storefront)? 
Thanks and kind regards

Written by Gast on 2014-08-07 15:27:40
So ein Produkt zu veröffentlichen das kann sich auch nur citrix Leisten.

Written by Gast on 2014-09-29 16:39:25
Wie sieht es eigentlich im Falle von BYOD aus? Hier läuft ja kein Receiver-seitiges SSO, da die Domain-Kennung erstmals am Storefront eingegeben wird. 
Kann das dann auch an die Windowsanmeldung der XenDesktopVM übergeben werden?

Written by Thomas Koetzing on 2014-09-30 07:00:10
>Kann das dann auch an die Windowsanmeldung  
>der XenDesktopVM übergeben werden? 
Das ist der Normalfall das nach Anmeldung an mobilen Recivern die Anmeldung an den Endsystemen per SSO erfolgt.

Written by Guest on 2014-11-06 11:02:03
I cant stand this new receiver 4.1 when it comes to the way we used to be able to launch published applications from the command line. It's now almost impossible to use and extremely complex. Why do they keep changing things that work into something that is overly complex and almost impossible to manage????

Written by Gast on 2015-01-05 13:28:23
"I cant stand this new receiver 4.1 when it comes to the way we used to be able to launch published applications from the command line. It's now almost impossible to use and extremely complex. Why do they keep changing things that work into something that is overly complex and almost impossible to manage????" 
Dem ist nichts hinzuzufügen.

Using an alternative port to 443
Written by Guest on 2015-02-02 10:30:11
Can the windows receiver be configured to use a port other than 443?

Written by Gast on 2015-03-10 14:42:59
ich habe XD7.6/XA installiert. Meine VDIs wurden über PVS provisioniert.İch habe xenapp applications auf VDI machine via Citrix Receiver provisioniert. Passthrough funktioniert sehr gut aber wenn ich auf den VDI meine Apps lösche und abmelde und neu anmelde,erscheinen Apps auf dem Desktop nicht automatisch. ich muss receiver manuell aktualisieren. Wie kann ich dieses Problem beheben? 
Vielen Dank  

Written by Gast on 2015-10-29 17:58:31
Receiver 4.3, funktioniert gut, aber nach Passthrough-Anmeldung funktioniert kein "Abmelden" mehr, weder im Systry-Symbol, noch im SelfService-Plugin, obwohl "Abmelden" anklickbar ist passiert nichts. Hat da jemand eine Idee oder das gleiche Problem?

Citrix öffnet nicht
Written by Gast on 2015-11-15 14:35:12
Hallo, ich bin kein Computerexperte. Dies mal schon im Voraus. 
Wenn ich mich anmelde in Citrix und auf öffnen gehe kommt ein Feld mit dem Hinweis: Press any key to continue. 
Kann mir hier jemand weiterhelfen? 
wenn ich nämlich eine Taste drücke tut sich leider nichts.

Webinterface addition!
Written by Guest on 2016-04-18 09:41:06
remember to put /config.xml at the end of the URL if you have a Webinterface setup! Now I've finally got it working. 
Roland van der Kruk

NOTE  You have to register in the Forum to post comments with your name.

Write Comment
BBCode:Web AddressEmail AddressBold TextItalic TextUnderlined TextQuoteCodeOpen ListList ItemClose List

Code Verification
CAPTCHA Security Code Security Code *

find or follow me @