Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
PART 1 | PART 2 | PART 3
This three-part article explains the use case, best practice, and design methodology to use Internet Explorer 11 Enterprise Mode using a single XML file hosted on a central web server. This allows for upgrading to Internet Explorer 11 on Citrix XenApp servers OR client workstations, elimination of compatibility view mode lists, support for IE 7, 8, 9 and 10 using a combination of IE 8 Emulation and Document Modes.
- This is not to be mistaken with Windows 10 “Microsoft Edge” – no relation.
- This is not to be mistaken with "Compatibility View" - no relation. Actually, I recommend disabling this feature using Group Policy.
Do you leverage a different Internet Browser outside work? I do. I use Google Chrome, Mozilla Firefox and recently IE 11 Edge Mode with Microsoft Windows 10 client OS. In the office, workstation and servers will generally have some version of Internet Explorer. It is rare to find anything other than IE installed on Microsoft Server operating system.
Curious why one website opens in Firefox or Chrome but not IE 11? Yet, it opened in IE 9 and IE 10. This is a long answer but I'll trade you an easy solution instead.
In my experience most corporate environments, the standard is Microsoft Internet Explorer. For Windows 7 client the latest browser version for download is Internet Explorer 11 + hotfixes.
Microsoft ended support for 8, 9, and 10. Long time coming. Despite the excessive warnings, websites remain that were built for IE 8. This explains where compatibility view mode is used in IE 9 and IE 10. Ready to turn that off?
"Microsoft today ended support for old versions of Internet Explorer, including IE8, IE9, and IE10, as well as Windows 8. For the browsers, the company has also released a final patch (KB3123303) that includes the latest cumulative security updates and an “End of Life” upgrade notification." 1]
Consider a scenario where 70% of the internal websites are coded for Internet Explorer 8 and earlier. IE 8 uses the Trident Engine and developed by Microsoft dating back to October 1997. Upgrading from IE 8, 9 or 10 to version 11 has risks. The end-user might access internal and external websites. In my experience, the internal websites pose the greatest risk.
I performed a recent migration from IE 9 to IE 11 for compliance reasons. The customer had contracts where those customers of the customer mandated IE 11 to meet a security requirement. Initial inspection of IE 9 Compatibility View Mode sites listed in Group Policy exceeded 2000 URLs. This was done because those legacy sites worked fine IE 7 and IE 8.
Prior attempts to upgrade the Citrix XenApp platform to IE 11 failed. By default IE 11 may not work with sites coded for earlier versions of Internet Explorer. Roughly 70% of the customer websites fell in this category. The IE 8 coded sites broke in IE 11 and most of the sites were "Intranet". Fortunately, I had performed several migrations using IE 11 Enterprise Mode with a single XML file hosted on Microsoft IIS.
Many companies still run IE 8 whether or workstations or dedicated Citrix silos for backward compatibility. Dedicated silos gave developers or the business an excuse to forgo upgrading the code. Now Microsoft has dropped support for the legacy browser. IE 8 often combined with Compatibility View for sites written in earlier versions of code suited for IE 6 and 7. The result a large list of websites over several years and often no process for removing those website URLs (uniform resource locator) after that website decommission. You end up with a list of 3000 websites but where 1000 of those websites no longer exist.
IE 11 Enterprise Mode is a new way for enterprise IT departments to automatically adjust to legacy coded websites using a centrally hosted XML file. What you get is a 'full featured' Internet Explorer 8 emulation mode having IE 11 installed to meet compliance mandate. This effectively eliminates the need for enterprises to standardize on an almost 8-year-old browser.
The reality is more a combination of IE 8, 9 and ten browsers across the corporate environment. Companies use Internet Explorer and Group Policy to control some of the variables. Sometimes allowing users to "Add" sites to compatibility view mode using their workstation. This is versus controlling this setting in Group Policy. While compatibility mode solved some issues, it is far from a global strategy. Not to mention high maintenance.
SITES XML FILE REQUIREMENTS
Enterprise Mode, if implemented correctly, eliminates the need for enterprises to standardize on an almost 8-year-old browser and embrace the new world of the modern web. Enterprise mode implements configuration and code changes to emulate IE 8 while running IE 11. It does not utilize IE 8 binaries; this is IE 11 emulating IE 8 with code changes and configuration modifications that are only functional in Enterprise Mode.
Depending on internal structure and delineation of business units determines if one or more XML file is required. I eliminated over 3000 sites from Group Policy compatibility mode view list and a single “sites.xml” file behind a Netscaler VIP and two Windows web servers with IIS. The XML file hosted on a NAS share behind a DFS pointer to which the IIS virtual directory leveraged across both web servers.
- One sites.xml file hosted on an Internet Web Hosting platform; HTTP (TCP 80) or https (TCP 443)
- Notepad++ with XML Module for Syntax Checking
- A single mistype can result in outage
- Post-Production, use the process: RFC for Test, RFC for Production
- Test environment for sites.xml
- Separate production environment for sites.xml
- New organizational unit defined for IE 11 upgrades for workstation and Citrix servers
- Test OU - points to a test version of the sites.xml file hosted in a different virtual directory
- Production OU
- Dedicated Group Policy object with latest IE 11 ADMX files hosted in a “Central Store” 1
- Disable Compatibility View – Make sure this is disabled so that users cannot add sites to compatibility view mode and turn off Intranet sites use compatibility mode.
- Web server and virtual directory path to host “sites.xml” file
- Notepad++ with XML module or other similar tool for parsing XML logic
This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
This tag specifies the domains and domain paths that need special treatment and should be rendered using Enterprise Mode or the default Internet Explorer 11 browser environment. The “/emie” section controls IE 8 Enterprise mode by FQDN starting right to left. FQDN is "right to left not left to right".
In the above example, the following is true:
- The “mydomain.com” must use IE 8 emulation.
- The “mydomain.com/desktop/forms” does NOT use IE 8 emulation.
- The “qa.mydomain.com” must use IE 8 emulation.
- The “preview.mydomain.com” must use IE 8 emulation.
To make sure your site list is up-to-date;
- Wait 65 seconds after opening Internet Explorer
- Check that the CurrentVersion value in the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\ registry key matches the version number in your file.
Introduced with Internet Explorer 8 to discourage proprietary coding for more standardized code compatible on multiple browsers and devices. Subsequent releases after IE 8 introduced additional document modes emulating prior supported versions while introducing new features as defined by industry standards. IE 9 included IE 8 document mode and fundamental changes to iframes.
IE 10 introduced the functionality to display more than one document mode in the same web page. Also, if the website or HTML does not specify a document type displays the page in Quirks mode. This behavior easily changed modifying the “X-UA-Compatible” meta tag.
Windows 10 does not support document modes. IE 11 introduced IE 10 document mode and the last as Microsoft encourages developers to use IE 11 document mode formerly known as “Edge.” The flow chart depicts how IE 11 document mode used.
Windows 10 does not support legacy document mode. Windows 10 leverages Microsoft Edge (codenamed “Project Spartan”) as the new default browser built for Windows 10. Hence, IE 11 supports legacy document modes but Microsoft Edge with Windows 10 doesn’t.
SITES XML FILE DESIGN
This document assumes Enterprise Mode enabled in Group Policy and the XML file centrally hosted on a web server or multiple web servers behind a load-balancer. The XML file is a single point of failure if were load balancing not leveraged.
The XML design is critical to the implementation and adding or removing sites from the sites.xml file. The XML file, like DNS, is read “right to left.” As of this writing, options include; IE 11 Default, IE 8 Emulation Mode, IE 10 Document Mode, IE 9 Document Mode, IE 8 Document Mode, IE 7 Document Mode. IE 8 Emulation Mode not to be confused with IE 8 Document Mode – no relation.
When we modify Group Policy to point at sites.xml file, perform “ gpupdate /force” on client machines, Enterprise Mode is enabled. Group policy instructs the Workstation and\or Citrix server to leverage the sites.xml file to determine what mode is best fit for “mydomain.com” to anything left or right of .mydomain.com.
Notice the winning GPO is “GPO-IE-11-Enterprise-Mode
” and the URL location is
Example: Commercial GPResult
Subsequently, we can validate the registry key
The corresponding registry key:
If the sites.xml file is empty; everything runs IE 11 by default. The example above quickest check to validate that user registry key set by GPO set to the Enterprise Sites File location.
The assumption for this exercise is EMIE (Enterprise Mode) by default is IE 11 unless we state otherwise in the XML file. I’m hosting the XML file on IIS 7.5, but any webserver will suffice.
Anything listed in the EMIE section is your exclusion list or “false”. Ideal where the majority of internal websites date back to IE 8, 7 or 6 version of Internet Explorer.
mydomain.com. = IE 8 Emulation Mode
Above I added mydomain.com as exclusion to EMIE to force the IE 8 emulation
So, if you mean IE 8 Emulation Mode (not compatibility mode) that is my default setting for anything that name and anything that name to the left of that name.
XML, like DNS, reads right to left (parsed) and greatest to least from a potential impact perspective. Although one error at any level results in an outage. An example about this concept follows; (Starting with the Universe or .com.)
Everything your working within this universe which is XML and all things related to it such as DNS and FQDN require you to understand the aforementioned concept. XML File parsing begins with <rules version=”XX”>.
In this example, the Universe is COM. The Solar System is .mydomain.com in (dot)COM universe. Similar to DNS Name Space without the forward slash and critical to design.
Keeping in mind the above is for demonstration purposes only. The point read right to left not left to right. Maybe it doesn't make sense now but keep reading. Take note of the syntax. In part two I demonstrate where the smallest mistake can cause an outage.
part two, I provide an additional example and deep dive to custom configurations.
1] Central Store See
EMIE - Enterprise Mode for IE 11
Does this shared knowledge provide value? If this article has value please click on "Good Article"
button to your right. Knowing this knowledge is valued by others is motivation to continue sharing.