KB40114 - Citrix StoreFront WebSocket error "Citrix Receiver cannot connect to the server"

When using HTML5 access for Citrix StoreFront through the PCS device, end users will receive the following error message:
 

Citrix Receiver cannot connect to the server

OR 
 

Citrix Receiver cannot create a secure connection in this browser

In the web socket connection request header, PCS device will send the request to the backend with a parameter called "Origin".  This parameter will contain the PCS URL.
 

GET ws://abc.xyz.com/?encoding=text HTTP/1.1 <--- Back end URL
Origin: http://vpn.xyz.com    <---- Appliance's URL
Cookie: __utma=99as
Connection: Upgrade
Host: echo.websocket.org
Sec-WebSocket-Key: uRovscZjNol/umbTt5uKmw==
Upgrade: websocket
Sec-WebSocket-Version: 13

If this PCS URL (in the Origin parameter) is not added, under the WebSocket Trusted Origin Server List on the Citrix Server, the server will close the TCP connection causing the client browser to receive a '500 Internal Server Error'.  This is a security measure from the Citrix side.


 

To resolve this issue, add the PCS URL to the "WebSocket trusted origin server list".

1. Under Citrix Policy, go to Policy
2. In the middle pane, under Policies, modify an existing policy or create a new policy
3. In the right pane, click Actions > Edit Policy
4. Edit Unfiltered window will appear, then type websoc and hit Enter.
5. Select WebSock trusted origin server list
6. Enter the PCS URL
7. Click OK

For more information, please refer to WebSockets policy settings

Citrix Link:
http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6/xad-policies-article/xad-policies-settings-wrapper/xad-policies-settings-ica/xad-policies-settings-web-sockets.html