Article: Enabling or Disabling HDX Plug-n-Play for USB Storage Devices

Intro

Sometimes your security team will be your best friend. They will be the “bad guy” in your IT organization and prevent certain applications from being installed or they will require that remote users have reduced access. Recently, I was approached by my security team to prevent access to the clipboard, local printers, and local drives for a certain group of users.  This better secures our environment and  reduces ICA bandwidth and speeds up login times. When I created a new Citrix policy to put these restrictions in place, I found that USB hard-drives were still being mapped.

Solution

Searching the Citrix eDocs site, I came across the following detail at the bottom of the Drives Folder section in the Policy Rules Reference:

Enabling or Disabling HDX Plug-n-Play for USB Storage Devices
HDX Plug-n-Play for USB storage devices is enabled by default. To change the settings for HDX Plug-n-Play for USB storage devices, manually change the key specified below on the XenApp server. Changes apply to all users.

Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.

Toggle USB drive redirection on and off using the following registry key on the server:

On XenApp 32-bit edition
HKEY_LOCAL_MACHINE\Software\Citrix\Policies\DisableUSBDriveRedirection

On XenApp 64-bit edition
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\Policies\DisableUSBDriveRedirection

Type: DWORD

Values:
1 = redirection disabled
0 = redirection enabled

Note: HDX Plug-n-Play for USB storage devices is enabled when the registry key is not present.

Once I added the registry setting (and logged back in), I was no longer able to see any mapped USB hard drives. This is also referenced in the following CTX articles: How to Prevent Manual Mapping of Client Connected USB Drives and How to Disable USB Drive Redirection

Thanks,
Alain

Article: SSL 38 Error when Launching Applications via Citrix NetScaler

[NOTE: I recently ran into this issue and the webinterface.conf changes mentioned in this Citrix forum post solved my issue. I’m also re-posting a Citrix article that covers the same problem.]

SSL 38 Error is Displayed when Launching Applications

Document ID: CTX128812   /   Created On: Apr 26, 2011   /   Updated On: Aug 24, 2011
Average Rating: not yet rated

Symptom

When trying to launch an application using ICA Proxy to XenApp via Access Gateway Enterprise the following error message is displayed:

Cause

Cause 1

This is possibly because of licensing restrictions as indicated in the article CTX119980 – SSL Error 38 when Launching Applications using Access Gateway Enterprise Edition

Cause 2

This issue can also be because of problems with Domain Name System (DNS) name resolution. When launching an application, the Access Gateway Enterprise Edition appliance uses the method specified in the WebInterface.conf file for name resolution. The Web Interface generates the ICA file. If the WebInterface.conf file is set to dns-port and DNS resolution is not possible, either because no DNS server is specified in the Access Gateway Enterprise configuration or the appliance being in a DMZ where no DNS server is reachable, then the launch of the application fails with the preceding error message.

Resolution

Option 1

The first option to resolve this issue is to specify a DNS server in the Access Gateway Enterprise Edition appliance within the Name Servers pane as shown in the following screenshot:

Option 2

The second option is to edit the WebInterface.conf file on the Web Interface server for that site, to resolve through ipv4-port rather than dns-port. The default location of the WebInterface.conf file is C:\inetpub\wwwroot\Citrix\sitename\conf\. Replace the sitename with the name of your site; the default sitename for a Web site on Web Interface is /Citrix/Xenapp. The following screenshots are sample screenshots of the WebInterface.conf file:

Before

After

Restart the IIS Web Server after saving the WebInterface.conf file.

This document applies to:

Thanks,
Alain