Sometimes your security team will be your best friend. They will be the “bad guy” in your IT organization and prevent certain applications from being installed or they will require that remote users have reduced access. Recently, I was approached by my security team to prevent access to the clipboard, local printers, and local drives for a certain group of users. This better secures our environment and reduces ICA bandwidth and speeds up login times. When I created a new Citrix policy to put these restrictions in place, I found that USB hard-drives were still being mapped.
Searching the Citrix eDocs site, I came across the following detail at the bottom of the Drives Folder section in the Policy Rules Reference:
Enabling or Disabling HDX Plug-n-Play for USB Storage Devices
HDX Plug-n-Play for USB storage devices is enabled by default. To change the settings for HDX Plug-n-Play for USB storage devices, manually change the key specified below on the XenApp server. Changes apply to all users.
Caution: Using Registry Editor incorrectly can cause serious problems that can require you to reinstall the operating system. Citrix cannot guarantee that problems resulting from incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Make sure you back up the registry before you edit it.
Toggle USB drive redirection on and off using the following registry key on the server:
On XenApp 32-bit edition
On XenApp 64-bit edition
1 = redirection disabled
0 = redirection enabled
Note: HDX Plug-n-Play for USB storage devices is enabled when the registry key is not present.
Once I added the registry setting (and logged back in), I was no longer able to see any mapped USB hard drives. This is also referenced in the following CTX articles: How to Prevent Manual Mapping of Client Connected USB Drives and How to Disable USB Drive Redirection.
[NOTE: I recently ran into this issue and the webinterface.conf changes mentioned in this Citrix forum post solved my issue. I’m also re-posting a Citrix article that covers the same problem.]
SSL 38 Error is Displayed when Launching Applications
Document ID: CTX128812 / Created On: Apr 26, 2011 / Updated On: Aug 24, 2011
When trying to launch an application using ICA Proxy to XenApp via Access Gateway Enterprise the following error message is displayed:
This is possibly because of licensing restrictions, as indicated in the article CTX119980 – SSL Error 38 when Launching Applications using Access Gateway Enterprise Edition.
This issue can also be caused by problems with Domain Name System (DNS) name resolution. When launching an application, the Access Gateway Enterprise Edition appliance uses the method specified in the WebInterface.conf file for name resolution. The Web Interface generates the ICA file. If the WebInterface.conf file is set to dns-port and DNS resolution is not possible, either because no DNS server is specified in the Access Gateway Enterprise configuration or because the appliance is in a DMZ where no DNS server is reachable, then the launch of the application fails with the preceding error message.
The first option to resolve this issue is to specify a DNS server in the Access Gateway Enterprise Edition appliance within the Name Servers pane as shown in the following screenshot:
The second option is to edit the WebInterface.conf file on the Web Interface server for that site, to resolve through ipv4-port rather than dns-port. The default location of the WebInterface.conf file is C:\inetpub\wwwroot\Citrix\sitename\conf\. Replace the sitename with the name of your site; the default sitename for a Web site on Web Interface is /Citrix/Xenapp. The following screenshots are sample screenshots of the WebInterface.conf file:
Restart the IIS Web Server after saving the WebInterface.conf file.
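The second option above, scripted as an added example (not part of the Citrix article or the original post). It assumes the setting in question is the `AddressResolutionType` key of WebInterface.conf; the path keeps the article's `sitename` placeholder, and the `-Apply` switch is this script's own.

```powershell
# Added example: report the address resolution method of a Web Interface site
# and, with -Apply, switch it to ipv4-port after taking a backup.
# Assumption: the setting is the AddressResolutionType key in WebInterface.conf.
param(
    # 'sitename' is a placeholder; replace it with the name of your site.
    [string]$ConfPath = 'C:\inetpub\wwwroot\Citrix\sitename\conf\WebInterface.conf',
    [switch]$Apply
)

$ErrorActionPreference = 'Stop'
$key     = 'AddressResolutionType'
$allowed = 'dns-port', 'dns', 'ipv4-port', 'ipv4'
$lines   = @(Get-Content -LiteralPath $ConfPath)

# Only uncommented assignments count; refuse to guess if there are several.
$active = @($lines | Where-Object { $_ -match "^\s*$key\s*=" })
if ($active.Count -gt 1) { throw "$key is set $($active.Count) times; fix the file by hand." }

$current = if ($active.Count -eq 1) { ($active[0] -split '=', 2)[1].Trim() } else { '(not set)' }
Write-Output "Current $key : $current"
if ($current -ne '(not set)' -and $allowed -notcontains $current) {
    Write-Warning "Unexpected value '$current'; review the file before changing it."
}
if ($current -eq 'ipv4-port') { Write-Output 'Already ipv4-port; nothing to do.'; return }
if (-not $Apply) { Write-Output 'Run again with -Apply to change it.'; return }

# Keep a timestamped copy so the change can be rolled back.
$backup = "$ConfPath.$(Get-Date -Format yyyyMMdd-HHmmss).bak"
Copy-Item -LiteralPath $ConfPath -Destination $backup

if ($active.Count -eq 1) {
    # Rewrite the existing assignment in place, leaving every other line untouched.
    $new = $lines | ForEach-Object { if ($_ -match "^\s*$key\s*=") { "$key=ipv4-port" } else { $_ } }
} else {
    # Key absent or only present as a comment: append an explicit assignment.
    $new = $lines + "$key=ipv4-port"
}
Set-Content -LiteralPath $ConfPath -Value $new
Write-Output "Updated; backup at $backup. Restart IIS (for example with iisreset) to load the change."
```

Run it once without `-Apply` to see the current value before changing anything.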
Available now! Citrix Branch Repeater 6 | Citrix Blogs.
Branch Repeater 6 provides IT with unprecedented visibility and control over all services – including desktops, apps, and multi-media – and delights millions of branch office users with superior quality of service and experience, all while slashing WAN bandwidth costs.
Branch Repeater 6 evolves WAN optimization from being network-centric to service-centric, changing the WAN optimization game… again!
- SmartAcceleration allows IT to better assess, monitor and control network traffic from each individual service at a highly granular level. Branch Repeater is the only solution that auto-discovers and reports upon individual published XenDesktop/XenApp applications in addition to 500+ native applications and traffic flows.
- User-centric Prioritization allows administrators to identify and prioritize virtual desktops and virtual apps to a branch based on user group (desktop group) and published application. HDX traffic can be prioritized based on desktop group, published application, user group, or user location. Only Branch Repeater can go to this level.
- Optimization and acceleration of encrypted MAPI traffic and signed SMB1 & SMB2 file transfers.
- Centralized licensing allows IT to deploy, manage, and consume licenses from a central Citrix License server to simplify branch deployments.
Tons of new literature on Branch Repeater is now available at the Branch Repeater section of the Citrix Sales Knowledge Base.
We suggest you start with feature briefs on
- Branch Repeater 6
- HDX WAN Optimization and Branch Repeater 6
and from there on, explore.
For more information or to download the software, please visit: