Internet Explorer 9 and Citrix Web Interface ICA Launch Failures
I ran into an interesting situation today with IE9 and WI that I felt I should share. For those that have already read CTX129082, this goes along with that article. Troubleshooting this issue for a client, I followed the recommendations in the article including Disabling ActiveX filtering globally (or for individual site), adding the site to the Trusted Sites zone with Low security zones, and renaming the application/x-ica mime type in the registry. Despite these changes, I was still finding the launch.ica file was being blocked:
I was able to reproduce this issue in my lab and the issue has to do with Client Detection. If you right click the Icon in the web interface, select Save Target As… and are returned the Launch.ica file, you will have the above failure with IE9:
I have found that with Client Detection unchecked/disabled on the web interface site, you will be delivered the launch.ica file which will result in the failure for IE9. For the client, even though they had enabled client detection, they were getting the same failure for IE9. I found that the portals that were failing were set to authenticate At Web Server with the Kerberos ticket being passed to the Citrix WI. Essentially, the silent detection process was being bypassed as a result of their web server configuration.
The site should still be placed in the Trusted Sites zone to ensure the client detection process occurs at logon. If client detection fails or is bypassed I haven’t found a configuration that works with IE9 using the launch.ica file. The only working method I have found involves launcher.htm, which requires the silent client detection to be run. Running the client detection manually from the Settings tab renders the same results and can be used as a temporary workaround for users.
This issue appears to affect IE9 connecting to all versions of WI 5.x. If you ever run into this issue, remember Client Detection is the key to IE9 functionality with the Citrix Web Interface. Thanks so much! –youngtech
Updated 6-14-2011 following CTX126653:
Client Detection is no longer required for Internet Explorer 9 functionality using Online Plugin version 12.1.44 or later. Additionally, in my testing I found that the site is no longer required to be in the Trusted Sites zone for IE9. This will dramatically reduce administrative overhead for both users and IT staff.
For best results for the end user experience, I recommend downloading and updating the clients directory on the Web Interface servers (Program Files (x86)CitrixWeb Interface5.x.0ClientsWindowsOnline Plug-in) with the three 12.1.44 files available for download here:
Within the Citrix Web Interface Management console select the XenApp/XenDesktop site and navigate to Client Deployment -> General -> Client Detection and select Perform client detection at logon, Offer upgrades for clients, and Whenever a client is needed:
Once this process has been completed, all users running client versions earlier than 12.1.44 will be prompted to install the CitrixOnlinePluginWeb.exe when navigating to the Citrix Web Interface site: