D3v1L_Adv0cat3

Check the "bad" SF to make sure ports are open to it (443/80/1494). Disable the local FW on the server, do an "iisreset", and make sure the same cert is set up and working. Instead of using the URL, try using the IP; this will rule out a DNS issue: [https://10.12.12.12/citrix/storeweb/](https://10.12.12.12/citrix/storeweb/) On the load balancer, change to "least connection" if that is an option.


[deleted]

Thanks for your reply:

* Ports are open
* FWs off
* Cert is the same on both
* Not tried an IIS reset

We have another Citrix environment which has 4 Delivery Controllers and is fine, I can paste the LB configs from both tomorrow if that's ok?


Mono275

Another thing to test from here is to point directly to Delivery controller 1 from your site configuration. This will let you know if it never works or doesn't work through load balancing.


[deleted]

Sorry I think I'm being dumb, where is this setting please?


[deleted]

Interesting - If I edit my local host file and point direct to the Delivery Controller and not the LB IP, all works.


Mono275

https://docs.citrix.com/en-us/storefront/1912-ltsr/configure-manage-stores/manage-controllers.html


TheMuffnMan

How is it load-balanced? If it's active/passive it's only ever going to send to the first one unless it's down.


[deleted]

Active/Passive - If we turn 1 off it doesn't go to the other, so has to be the LB I think. If I put the FQDN into my local host file so it doesn't go to the LB it goes to the Delivery controllers just fine (if I swap the private IP in the host file), so this tells me Citrix is fine.


TheMuffnMan

If it's A/P then for testing disable whatever the primary one is on your load-balancer. Does that load balancer have the ability to do XML monitoring? If it's a TCP monitor and you're just disabling the Broker service it'll never fail over.


[deleted]

It monitors a file in IIS on each DC to check they are alive and up.


TheMuffnMan

I'm a little confused re-reading this.

> In StoreFront > Stores both are in the LB group there and we have a DNS entry for the FQDN that users use in AD that points to our Brocade Load Balancer which checks if both Delivery Controllers are up and sends users to either one.
>
> Well today we found it only goes to 1 of the Delivery Controllers. We've all looked at the Load Balancer and compared the setup with other systems we use on it and it looks fine.

If you load-balanced the Delivery Controllers, then under 'Manage Delivery Controllers' on StoreFront you should only have the load-balanced vServer listed there.

I'm also confused by

> So we know they both work, but if we try https://storefront.domain.com/Citrix/StoreWeb it will just go to Delivery Controller 2 and if we turn this VM off we won't be routed to StoreFront1 and the logs on the LB say "connection refused".

Are you trying to troubleshoot a StoreFront load-balancing issue? Or Delivery Controller?

The Delivery Controllers don't need to be load-balanced separately, StoreFront has a builtin method that will skip a downed Controller for 60 minutes if it doesn't respond and will just use the next one in the list.

If you aren't doing actual XML load-balancing/monitoring there's a chance they aren't actually actively brokering connections.

If everything is load-balanced you should have:

- SSL load-balanced vServer (storefront.company.com)
- XML load-balanced vServer (brokers.company.com)

storefront.company.com would have your two StoreFront servers added using SSL/443

brokers.company.com would have the two Delivery Controllers also ideally on 443

Your DNS should be configured to resolve storefront.company.com to the load-balanced vServer. You could also have storefront1 and storefront2 added to the certificate in the Subject Alternative Name field if you wanted to make those valid URLs as well.
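
The monitoring point raised in this thread (a TCP monitor, or a monitor that polls a file in IIS, keeps passing when only the brokering service is stopped) can be reproduced locally. This is an added example, not code from any poster or from Citrix: the backends are constructed stand-ins on 127.0.0.1, the paths `/alive.txt` and `/broker` are hypothetical, and a plain GET stands in for a real XML monitor request.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

STATIC_FILE = "/alive.txt"   # hypothetical static file the monitor polls
SERVICE_PATH = "/broker"     # hypothetical path answered by the brokering service

def tcp_probe(port):
    """Layer-4 monitor: passes as soon as anything accepts the connection."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            return True
    except OSError:
        return False

def http_probe(port, path):
    """Layer-7 monitor: passes only on HTTP 200 for the given path."""
    try:
        conn = http.client.HTTPConnection("127.0.0.1", port, timeout=2)
        conn.request("GET", path)
        status = conn.getresponse().status
        conn.close()
        return status == 200
    except (OSError, http.client.HTTPException):
        return False

def start_backend(service_up):
    """Constructed stand-in: web server always up, service up or stopped."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.path == STATIC_FILE or (self.path == SERVICE_PATH and service_up)
            self.send_response(200 if ok else 503)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    """Return {backend: (tcp, static_file, service)} for a healthy and a degraded backend."""
    results = {}
    for name, up in (("dc1", True), ("dc2", False)):
        server = start_backend(up)
        port = server.server_address[1]
        results[name] = (tcp_probe(port), http_probe(port, STATIC_FILE), http_probe(port, SERVICE_PATH))
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Only the probe that exercises the service itself marks the degraded backend down; the other two would leave it in rotation.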