Citrix NetScaler StoreFront Load Balancing

In this post I will show you how to load balance two StoreFront 3.0 servers through NetScaler 11. In this demo I am using two StoreFront servers named StoreFront1 and StoreFront2.

  • StoreFront1 – IP = – Protocol = HTTPS
  • StoreFront2 – IP = – Protocol = HTTPS
  • LB vServer – VIP = – Protocol = SSL

To configure StoreFront load balancing we need the following:

  1. Two or more StoreFront servers
  2. The SSL certificate used to secure communication if StoreFront is using HTTPS. This should be installed on your NetScalers. My StoreFront servers are using HTTPS so certificates apply
  3. StoreFront server objects, service objtcts and monitors
  4. A Load Balanced vServer that users will connect to when accessing StoreFront

Enable Load Balancing by navigating to Configuration -> System -> Settings -> Configure Basic Features.


Tick the box next to Load Balancing and click OK.2-min

Time to add objects for each of your StoreFront servers that you want to load balance. Navigate to Traffic Management -> Load Balancing -> Servers -> Add.3-min

Enter your first StoreFront servers information: Name, IP Address, Create.4-min

Repeat the process for your remaining StoreFront servers.5-min

Once done two server objects that I have just created now show and are enabled.6-min

Navigate to Traffic Management -> Load Balancing -> Monitors -> Add. We need a way of monitoring the two StoreFront servers so that in the event one goes down users are not routed to that failed server. Citrix have a created StoreFront monitor built in to NetScaler which we will use. The monitor is named STOREFRONT.7-min

We will be creating a seperate monitor for each StoreFront server. Within the Standard Parameters tab, enter a name referencing your first StoreFront server. Click the type drop-down box and select STOREFRONT. Enter the Destination IP (your StoreFront servers IP) and the port StoreFront is configured to listen on. My StoreFront servers have been configured to use HTTPS/TCP 443.8-minCheck the Secure check box.58-min

On the Special Parameters tab, enter the name of your Citrix Store and check the boxes for StoreFront Account Service and Check Backend Services. Click OK.9-min

Repeat the same process for your remaining StoreFront servers.10-min

Once done, the two StoreFront monitors are created and ready to be attached to service objects.


Now we need to create those service objects. Navigate to Traffic Management -> Load Balancing -> Services -> Add. 12-min

Enter a name for your service, and attach an existing server object that you created earlier. StoreFront1 will be the first server attached to this service. Click OK.13-min

We need to add the STOREFRONT monitor to the service we are creating. Click underneath Monitors to add the monitor we created for StoreFront1.14-min

Click Add Binding.15-min

Click on Click to select beneath Select Monitor*.16-min

Select the monitor previously created and then click Select.17-min


Click on Bind.19-min

Click Close.20-min

Repeat the same steps to create a service for your remaining StoreFront servers and attach a monitor. Click OK.


Click Close.22-min

Notice both services that I created are in the down state. This is because when configuring the StoreFront monitors I asked the monitor to Check backend services. This is OK and StoreFront monitoring is built in to v3.0 by default but only via HTTP. My StoreFront servers are using HTTPS so the monitor I created earlier is trying to probe the backend services of our server through HTTP. StoreFront prior to v2.6 needed an additional add-on installed to support NetScaler -> StoreFront monitoring. 23-min

The monitoring service is accessible on each StoreFront server over port 8000 as shown below.24-min

To change this to HTTPS. We need to configure the monitor service to use HTTPS instead. On all the StoreFront 3.0 servers perform the following steps.

Run PowerShell as an administrator.


Change directory to the Scripts folder. The location may be different for you depending on your install.26-min

Execute the ImportModules.ps1 PowerShell script.27-min

After the modules have been imported, running the Get-DSServiceMonitorFeature command will confirm the current StoreFront monitor URL and that it is using HTTP.28-min

Now run the Set-DSServiceMonitorFeature -ServiceURL https://localhost:443/StoreFrontMonitor command.29-min

Enter the new HTTPS URL in your web browser to make sure you get a response from the StoreFront monitor service.30-min

Now back on the NetScaler the StoreFront1 service is now up. This is because NetScaler’s monitor can now probe the StoreFront monitoring service via HTTPS.


Both services are up.32-min

So, as a summary we have server objects created which we then attached to services. These services also have monitors bound against them. The remaning piece we need is a Load Balanced vServer. Browse to Traffic Management -> Load Balancing -> Virtual Servers -> Add.33-min

Enter a name, protocol, IP address, and port for your vServer. Click OK.34-min

Click on No Load Balancing Virtual Server Service Binding.35-min

Click Click to select.36-min

Select the two services created earlier for each StoreFront server. Click Select.37-min

Click Bind.38-min

The service members are now bound to the vServer. Click Continue.39-min

Cick on No Server Certificate. We need to bind a certificate that matches the hostname we will use for our vServer, which resolves to the VIP of the vServer.40-min

Click on Click to select.


Click on StoreFrontCertificate. Click Select. Obviously here your certificate will be called something different.42-min

Click Bind.43-min

The StoreFront certificate has now been attached to the vServer. Click Continue.44-min

Expand Method and Persistence. A load balancing method and persistence type must be defined.45-min

Under method select ROUNDROBIN. You can also choose other methods such as LEASTCONNECTION which would normally be my preferred choice however for this demo I am selecting ROUNDROBIN. I’ll be able to test the Round Robin feature later to make sure load balancing is working as expected. Click OK.46-min

Under Persistence choose SOURCEIP.47-min

Click Done.48-min

The new StoreFront vServer is up and online.49-min

Save your running configuration.50-min


Ensure you have an internal DNS A record pointing to the StoreFront Load Balanced vServer VIP. This is part of the URL that users will use to connect to StoreFront/Receiver for Web. This hostname A record must match the subject name of the certificate attached to the Load Balanced vServer.52-min

Now with DNS resolution in place enter the Receiver for Web address in to your web browser. Your connection request will be load balanced through NetScaler and Receiver for Web will display.53-min

Once authenticated you can now access your published applications and desktops.54-min

To test that the ROUNDROBIN load balancing method is working, you can enter the URL which shoud resolve to the default IIS web page by default hosted by either of your StoreFront servers. The first request sent me to StoreFront2. I edited the iis-85.png image file and wrote StoreFron2 on the image using paint and did the same over on StoreFront1. This made it easy to identify which server I was being connected to.55-min

The next request directed me to StoreFront1 as expected.56-min

Alternatively on the NetScaler you can look at the statistics of your Load Balanced vServer and services. Keeping an eye on the Service Hits, Requests, and Responses will indicate which StoreFront server is taking the hit. Here you can see the difference between service hits on StoreFront 1 to StoreFront2, which is a result of persistency. If no persistency was set against general web servers for example, the service hits would in most cases be the same.57-min


  • Anonymous

    May 20, 2016

    thank you

    • VanT

      February 23, 2017

      This is by far the most detailed Load Balancing guide! Thanks for your work mate!


Leave a Reply