Citrix Access via Chrome is Broken

Purpose:
This post explains Google Chrome functionality that can negatively impact the access to any Citrix environment.

Symptom:
After clicking on a published application or desktop icon in StoreFront using Chrome–nothing happens.

or

After logging on to StoreFront using Chrome, it never thinks Citrix Receiver is installed and offers it to me to download before I get to see my icons.

or

You have a warning to, “Unblock the Citrix plug-in.”

blocked_citrix_pluginResolution:
1) Re-enable the plugin using CTX137141.  This workaround will end in November 2015 when Google permanently disables NPAPI.
2) Customize StoreFront to remove the prompt to download Receiver with customized code.
3) Customize StoreFront with a link to download Receiver with customized code.
4) Enable a user setting to always open .ica files using CTX136578.
5) Use another browser not affected by the Chrome changes.

Cause:
Back in November 2014, Google announced it would remove NPAPI support from Chrome.  They are making this change to “improve security, speed, and stability” of the browser.   In April 2105, they will change Chrome’s default settings to disable NPAPI before removing it entirely in September of 2015.

What does this mean for my Citrix users who use Chrome?

Receiver detection.  The NPAPI plugin that Receiver (Windows and Mac) installs allows Receiver for Web (aka StoreFront) to detect if Citrix Receiver is or is not installed.  Without this plugin, it assumes you do not have Receiver and will offer it for you to download and install.  As an aside, you may have noticed that Internet Explorer has an ActiveX control that does the same thing.  If your user does not have Receiver then they can not launch their Citrix application or desktop, so this is a good thing. If your user is already running Receiver but gets offered the Receiver download this will be confusing and could potentially be a bad thing.

Launching applications and desktops.   Let me explain what should happen when you click on the icon for, say, Outlook 2010 in StoreFront (aka Receiver for Web).  StoreFront will talk to a delivery controller to figure out what machine is hosting Outlook 2010 and has the lowest load.  StoreFront will then offer you a .ica file to download.  If you have the plugin, Windows will know that this is a configuration file that should be opened by Receiver.  Receiver will then connect you to your application.  This all happens quickly and seamless making it seem like Outlook 2010 launches immediately.

Without the plugin, you will download an .ica file but Outlook 2010 will not open until you click it.  Chrome does have the option (the arrow on the downloaded file) to “Always open files of this type” as shown in CTX136578.

References:
http://blogs.citrix.com/2015/03/09/preparing-for-npapi-being-disabled-by-google-chrome/
http://blog.chromium.org/2014/11/the-final-countdown-for-npapi.html
http://support.citrix.com/article/CTX141137
http://support.citrix.com/article/CTX136578

Brian Olsen @sagelikebrian

Sharefile SAML AD Authentication Fails on Chrome and Firefox

After configuring our ShareFile to integrate our AD accounts using AD FS 2.0 and SAML for login, we found several user could not log in with Chrome or Firefox.  They would go to the SAML login URL and then enter their correct AD credentials.  The login would then fail.  Using IE with the same credentials was successful.  After investigation, the issue was linked to AD FS 2.0 and Chrome/Firefox, not ShareFile.

The Solution below was found at http://exitcodezero.wordpress.com/2013/05/30/adfs-authentication-issues-with-chrome-and-firefox/

To correct the issues, disable Extended Protection in IIS on your ADFS server

  1. Open IIS Manager on your ADFS Server
  2. Expand your ADFS Server
  3. Expand Sites
  4. Expand Default Web Site
  5. Expand adfs
  6. Click to select ls
  7. Double-click Authentication 2013.05.30_adfs_auth_2
  8. Right-click Windows Authentication and select Advanced Settings… 2013.05.30_adfs_auth_3
  9. Set Extended Protection to Off 2013.05.30_adfs_auth_4
  10. Restart IIS or perform an iisreset

Citrix is all new in June

If you’ve been paying attention to Twitter lately, you’ve probably noticed that there have been a lot of new announcements and releases from Citrix over the past 7 days.   So many in fact it can be difficult to keep straight exactly what is going on.  I’m going to try to clear up some of the murk and hopefully help you understand how these announcements are going to impact your plans for the near future. I’ll try to detail each of the announcements and product updates and what’s new with them.

XenDesktop 7: This is Citrix’s flagship VDI product, which competes head to head with VMware’s Horizon View.   Hopefully most Citrix customers are also aware that most of the license editions for XenDesktop also include rights to Citrix XenApp (also knows as Presentation Server or MetaFrame).  Despite the bundling, XenApp and XenDesktop have always been two distict products with separate infrastructures and management frameworks.  XenDesktop 7 changes all that.  With the v7 release XenDesktop now fully encompasses all the functionality for application and desktop publishing from both server OS (XenApp/RDS – aka Hosted Shared) as well as desktop OS (XenDestkop/VDI – aka Hosted).  This means that from a single console you can configure desktops and apps published from Windows XP, 7, 8, Server 2008R2 and Server 2012.  Yes, I said desktops and apps!  Actually XenDesktop has had the ability to do “VM Hosted Apps” for a while but it was infrequently used; that capability is now core functionality and delivers the “seamless” published apps from both destkop and server environments.

Did I mention this is all in a single console?  Well, actually there are two consoles – the management/configuration interface which is now named “Studio” and a helpdesk and monitoring interface named “Director”.  XenDesktop admins will be familiar with both of these.  By the way, Director now has the ability to mine Edgesight data to provide historical information about users, apps, sessions, and hosts.

With the merger there is now a 4th edition of XenDesktop – now giving us Platinum, Enterprise, VDI, and Apps.  The Apps edition will map to the functionality which was previously provided by XenApp.

XenDesktop 7 also brings a host of new features and functionality including the H.264 supercodec, reverse seamless applications, and App DNA integration.  RemotePC is now configured from within the Studio console.   One of the more interesting capabilities is that you can now use MCS to manage your published app server farms which will greatly simplify single image management for smaller environments. Check out this blog for more details and a link to the Citrix TV session detailing the new features.

XenDesktop 7 brings with it a host of other updates:

  • StoreFront 1.2 -> StoreFront 2.0
  • Web Interface 5.4 -> StoreFront 2.0 (StoreFront is now required)
  • Provisioning Services 6.1 -> Provisioning Services 7.0
  • XenServer 6.1 -> XenServer 6.2
  • Receiver 3.4 -> 4.0  (and new receivers for iOS, Android, and OSX too)

It’s a pretty safe bet that if you use XenDesktop or XenApp you’ve got some new code in your future.

XenApp 6.5 Feature Pack 2: Much less hubbub about 6.5 FP2, but very noteworthy that in this same timeframe Citirx has chosen to issue an update to the existing XenApp product which offers many of the end-user benefits associated with XenDesktop 7.  This appears to be a recognition on Citrix’s part that customers probably will not migrate off of XenApp 6.5 in any great hurry, and this update removes much of the need.  XenApp 6.5 was originally released in August of 2011 and is widely deployed.  Details of the new features can be found here.

Cloudgateway is now XenMobile Apps: So if you’re looking for an updated App Controller, you need to look in a new place.  This heralds future integration between the XenMobile MDM solution and Citrix’s Web/SaaS/Mobile Application management.  We also saw a new release of XenMobile MDM 8.5 on June 28.

ShareFile Storage Center and Connectors are now Storage Controller 2.0: This brings the integration of the on-prem storage options for ShareFile all into one product, reducing the number of servers needed to connect to local storage zones, CIFS shares, and SharePoint.  It also provides read/write access to SharePoint sites!

XenServer 6.2: The latest release of Citrix’s XenServer hypervisor is more incremetnal and has not received much fanfare, with the largest announcement being that the product is now fully open source.  More details on the future strategy and new features can be found here.

NetScaler 10.1: It seems like this release has been kept fairly quiet, however the new HDX Insight reporting feature will offer great value to shops using NetScaler for its Access Gateway Enterprise Edition features.  Want to know how much data user sessions are moving?  Look no further!

VDI in a Box: Even VDI in a Box got an update, now at version 5.3. ViaB gets updates to support better 3D graphics. newer hypervisors, the H.264 supercodec, Windows 8 and Personal vDisk.  More info can be found here.

So June has been a huge month for Citirx with updates across nearly the entire product portfolio.  If you have or use Citrix products these changes will affect you.  If you need help or just want more information reach out to your Lewan Account Executive.  We’re here to help.

Enable Alt+Tab Application Toggling in a Citrix XenApp Desktop Session

I recently had a request for a user to be able to toggle between different applications inside their Citrix desktop session with alt+tab. The Citrix receiver provides this functionality with a registry change. There are a couple ways to send the hot key combo of Alt+tab to the Citrix session, but below I will show how to pass the physical hot key combo of Alt+tab from the client workstation to the Active Citrix session window (non-fullscreen mode).
This work will be done on the Client workstation and I am assuming the client has Windows 7 with Citrix receiver installed.
My background information was found here:
http://support.citrix.com/article/CTX118974
http://support.citrix.com/proddocs/topic/ica-settings/ica-settings-transparentkeypassthrough.html
1. Open regedit on the client device to edit the registry
2. Navigate to the key
HKEY_LOCAL_MACHINE \SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard\
3. Open Key: TransparentKeyPassthrough
4. Set the value to: RemoteRegistry changes for Alt Tab setting

5. Exit the Citrix receiver if it is started and log back into your Citrix desktop.
6. When the Citrix desktop session is the Active window, you will be able to toggle between the applications in that session with Alt+Tab

Lewan Synergy of the Rockies

Our Lewan Synergy of the Rockies event was yesterday, here are some highlights and links from the event.

Citrix Support – Premier Support calculator citrix.com/pscalculator. AutoSupport released for automated diagnosis of issues http://support.citrix.com/article/CTX135408

Citrix GotoMeeting – mobile clients have the ability to start and host a meeting as well as present content from the device. Whiteboard functionality is also built in.

Citrix XenServer – XenServer 6.1 released, includes support for Storage XenMotion, LACP (up to 4) support, batch conversion of VMware virtual machines

Citrix XenClient – added support for ultrabooks

Citrix ShareFile– What ShareFile does is: Store, Sync, Share

  • Sync and device with user files
  • Selective offline access on mobile devices
  • Data protection – encryption, lock, remote wipe, poison pill
  • Enables file sharing with anyone
  • Online file sharing space for virtual teams

With ShareFile Enterprise released, control plane resides at Citrix Online while the data plane can reside inside your datacenter, your data never resides outside. StorageZone Connect (tech preview) allows integration of existing file shares.

Citrix CloudGateway Enterprise – enabled mobile application management of iOS and Android devices, wrapped native app deployment via the Citrix AppController. AppController integrates mobile, web/saas, follow-me-data.

Just announced last week is @WorkWeb and @WorkMail, videos of this solution in action are here.

Citrix Receiver – Citrix Receiver for HTML 5 was released this summer, requires Access Gateway 10 and StoreFront 1.2. Enabled clientless access to Windows apps, Desktops, web and SAAS apps.

One Citrix Receiver look and feel across desktops and mobile platforms. First Time User experience allows setup and configuration with just a users email address.

Citrix RemotePC – Citrix RemotePC was released as part of Citrix XenDesktop 5.6 Feature Pack 1. RemotePC is the secure brokering of a physical endpoint (desktop or laptop) that is in your office (typically) via Citrix HDX technology. Think of it as GotoMyPC but with the centralized control over virtual channels (printing, clipboard, local drives, etc), automated provisioning of PC and end users, and the high performance of Citrix HDX. RemotePC is available in Citrix XenDesktop Enterprise and Platinum and in most cases won’t require any additional Microsoft licensing…as in you won’t need VDA licenses!

Universal Print Server– Combined with the previously available Universal Print Driver, administrators may now install a single driver in the virtual desktop image or application server to permit local or network printing from any device, including thin clients and tablets, leveraging HDX optimization technology to reduce bandwidth load over wide area networks and manage printing communications outside of the virtual desktop channel for enhanced Quality of Service. Use of the Citrix Universal Print Driver had previously been constrained to Windows devices because we relied on Windows to translate from Windows-centric print formats. With UPS, the print engine runs on a server, and we’re no longer limited to printing from Windows devices because the format translation is done on the server. There’s now little or no need to install 3rd party, non-native printer drivers, so overall stability is also improved.

Project Excalibur (XenDesktop v.Next) – Part of Project Avalon. Unification and simplification of XenApp/XenDesktop into a single architecture. XenApp IMA architecture has been around since Metaframe XP and in Project Avalon is being integrated into the Citrix XenDesktop FMA architecture.

Excalibur will also bring support for Windows Server 2012 and Windows 8 machine groups.

Also announced was a new SuperCodec using H.264 encode/decode. With so many devices support H.264 decode via hardware acceleration this could be a fallback encoding method for devices that don’t support offloading the multimedia to the client (ex: AVI, WMV, Flash). With the upcoming vGPU (GPU virtualization) the encoding could also potentially benefit from hardware based encoding. This technology will also support transcoding down high bit-rate video down to adapt to available bandwidth so that you can take 1080p video and transcode down to stream on 3G networks.

You can watch Citrix Synergy Barcelona session SYN133 on CitrixTV which goes thru the Excalibur release.

Excalibur will be available for download as a tech preview on November 1st.

Citrix Netscaler – Citrix Netscaler 10 now support scale-up, scale-in, and scale-out (TriScale) options with new Active-Active-Active-Ac.. scale-out options. Citrix and Cisco also announced a new partnership where Cisco will be selling Citrix Netscaler into their customers who are looking for Application Delivery Controllers as Cisco recently discontinued their ACE product line. Citrix also announced new partnerships with a number of key vendors who will be building joint solutions on their Netscaler product line.

Streaming Citrix apps directly

If you want to get around publishing the applications through PNAgent or Web Interface you can use this method to run streamed applications.  Obviously don’t call support if this doesn’t work…use only for testing, but it’s an interesting article and definitely helps understand more about the streaming architecture of Citrix XenApp.

http://community.citrix.com/display/ocb/2009/03/05/App+Streaming+-+Running+apps+via+RadeRun