In a specific situation but with not necessary rare configuration you get the following error message with Android Citrix Receiver: "Error has occurred while connecting. Check your server address and data connection."
Before I go into my specific issue with the error you should check out the following Citrix article:
- Receiver for Android Connects to Default StoreFront WebUI
- Android receivers unable to enumerate apps after NS firmware upgrade to 11.0
First the environment in question with the key components
- Citrix Netscaler 11.0
- Citrix Netscaler load balancing of StoreFront server
- Citrix StoreFront 3.5
- Citrix Receiver for Android
Let's see what the problem is
Please note that other devices don't get the error and can connect just fine. First I checked StoreFront eventlog where you might see request to the auth service but with the StoreFront loopback address 127.0.0.1. Later I found out that happens when using the browser on the Android device to launch sessions. Next I reviewed the Receiver log from the Android device and found: "Authentication error: Unable to respond to any of these challenges" as response from StoreFront.
Obviously something is wrong with StoreFront mainly for using the loopback address. Now you can waist a lot of time digging into StoreFront or go straight to a fresh install to the latest StoreFront version 3.7. That solved the loopback error in the StoreFront eventlog but still the same error at the Android devices.
After further investigation (process of elimination) I found the source to be the load balancer persistence setting "COOKIEINSERT". Now this is the official and Citrix documented setting for load balancing StoreFront server https://docs.citrix.com/en-us/storefront/3/integrate-with-netscaler-and-netscaler-gateway/load-balancing-with-netscaler.html but turns out to be an issue with Android devices.
The solution is to change the load balancer persistence to "SOURCEIP" and I even added the X-FORWARDED-FOR option to the load balancer service.
After that ALL devices where happy to connect through: Netscaler Gateway -> virtual load balancer -> to StoreFront server to finally get the application set and launch successfully the ica session. As a side note, a manual Receiver setup worked even without the changes.