Citrix Receiver for Windows 8 RT – How to get it working. 8

As you guys know I got a Windows Surface a couple months ago (at launch) and have been trying to use it as much as I can, integrating it to anything I may have up and running.

The first test I did was to get the Windows Server 2012 RemoteApp feed going with it. It does work and provides decent performance. Published apps in seamless windows, it is all there and works pretty much out of the box. How to get that working is the subject for another post and for the book I am finishing with Freek Berson (by the way, it is being officially sent to Apple March, 1st – what happens after, we will learn later).

As I do have a XenApp/XenDesktop environment I wanted to use the Surface as a client. That required me setting up StoreFront (and dealing with its SQL issues – addressed on this post) and the Access Gateway, running on a Netscaler VPX appliance.

So as of today this is what I have:
– Netscaler VPX NS10.0: Build
– StoreFront 1.2 running on Windows Server 2008 R2.
– Both running under VMware ESX 5.0. Yes, I did not update it.

The key thing with the Surface is to get the damn Access Gateway Session Policy/Profile done properly. The steps you need to follow are actually simple and you can potentially have all this configured in 5 minutes. I assume your Netscaler VPX with an Access Gateway virtual server is already up and running for this.

1. Under Access Gateway > Virtual Servers find your virtual server, right click it and select ‘Open’.
CAG1 2. Click on the Policies tab and then Clientless. Then click ‘Insert Policy’ at the bottom.
3. Under ‘Profile’ simply select ‘ns_cvpn_default_profile’. It will have all the options pre-set for you.
4. For the expression what you need is this: HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“WindowsRT”)
CAG4 So this is what your clientless policy will look like.

Before you ask, yes it has to be WindowsRT and NOT WinRT. I know WinRT is what is used for Windows 8 but for RT for some reason is WindowsRT. I tried and tested with Jarian the WinRT and no go. Does not work with the Surface. Once we switched to WindowsRT, all good.

5. Now on the Policies tab, Session you will need a policy (and a profile for it) with the lowest number for the priority (so it is top priority) that will look like this (do not worry, let’s see how to create it step-by-step):
CAG5 To create it, click on ‘Insert Policy’ at the bottom and once the screen shows up you will need to create a new profile first (click ‘New’ beside ‘Request Profile’. The first thing to be changed is on the Client Experience tab. You need to change:
– Home Page: set it to your StoreFront site. Mine for example is set to (checked).
– Clientless Access: ON (checked).
– Single Sign-on to Web Applications: checked.
– Credential Index: Primary (checked).
CAG6 On the Security tab:
– Default Authorization Action: ALLOW (checked).
CAG7 On the Published Applications tab:
– Make sure ICA Proxy is NOT checked (has to be showing as OFF).
– Web Interface Address: the EXACT same as you set as Home Page on the Client Experience tab. So in my case
– Single Sign-on Domain: your AD Domain name.
CAG8Now all you need is to make sure the actual Session Policy looks like this (by adding the expression):
CAG9That is all regarding Session Policies/Profiles and Clientless policies/profiles for the Windows RT.
Once you launch the Citrix Receiver on the Surface simply enter the address for the Access Gateway like It will ask you for credentials and once entered you should see your apps (assuming you already set apps) or it will allow you to pick the available apps.
I then tested this internally and externally (over an LTE Hotspot) and it worked flawlessly in both cases. It is worth mentioning that every time I would screw something app on the AG configuration (i.e. use WinRT instead of WindowsRT on the expressions) the Surface Receiver not only did not find the apps (would throw an error) but once the AG was configured properly it would still refuse to work requiring an uninstall and a reinstall of the Citrix Receiver on the Surface. Keep that in mind. The current version is still a little temperamental…

If you see anything wrong with this post or need more info just give me a shout.



31,851 total views, 5 views today

Leave a comment

Your email address will not be published. Required fields are marked *

8 thoughts on “Citrix Receiver for Windows 8 RT – How to get it working.

  • Rohan P

    I have XenDesktop setup with AGEE with basic mode and Web Interface (I’m not using storefront) I am able to make it work on android,ipad and but not able to make it work with WIndows8RT. Whether the above configurations work for AGEE with basic mode?. I’m able to authenticate (using dual factor authentication) but no apps/desktops are showed to add. Any thoughts?

  • Austin

    It is my understanding that the desktop receiver will only work with Storefront configuration installed. I have made numerous attempts to get this working with Netscaler VPX10, but I can only get it to work with mobile device receivers. Does anyone know if I need to utilize a specific expression to allow the desktop receiver to function properly? I simply receive the error that the receiver could not find the site. Any insight would be greatly appreciated

  • stéphanie

    Hello and thank you for your post!
    I want to buy a tablet and because I want to be able to occasionally distance work with it, combined with budget reasons, i chose the “Microsoft Surface RT 10,6″ 32 Go” ( . Any chance I can get a normal distance access with this tablet, knowing that my office uses Citrix Receiver (Citrix client software), through the steps you prescribe?
    Sorry to bother you, you would have understood i’m very bad at IT stuffs (lawyer)…
    Many thanks in advance and cheers from France!

    • crod Post author

      The Surface will work fine Stéphanie. If your company users what we call the Citrix Web Interface all you need is to launch IE, go to the web interface site and login using your company credentials. It will work in that case.
      Of course if your company has a Netscaler it can also be configured to work with the RT.

  • Brent

    Ok, so I’ve gone through this and most of my settings are the same. I am in Basic Mode. The webinterface address in http and not https.

    It works as I’m able to sign in from a surface or windows 8.1 pc. I just don’t have a plus sign to add apps. I can right click to see one or swipe on a surface. Is this correct or did I miss something?

    Just curious if you’ve seen this or now.