Publishing an internal site to only be accessed through Citrix and not locally

Posted on 2010-09-08
Last Modified: 2012-05-10
We are currently running Citrix Presentation Server 4.5 and we have an internal site that only works on IE 6. We are in the process of upgrading our local machine to Windows 7 and it will be setup to use IE 8. Since this internal site is not configured to run on anything other then IE6 we are wanting to find an easier way to re-direct our customers to use Citrix instead. We currently publish this site as an available application but since we want to prevent the users from accessing this site internally on their local machines we need a way to force them to use Citrix. We are currently using an IE redirect application that if this address is typed into the browser locally it will be blocked and an error reminding them to use the publsihed application version will be displayed.

I know with content redirection we can set the site to redirect them to use their local browser I just wasn't sure if this could be configured to go the opposite way. If this address is entered it would launch it on Citrix. Any assistance is appreciated.

I will offer max points for a solution since this is currently a big deal here at my place or work. Thanks.
Question by:tonyenor
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4

Expert Comment

ID: 33629940
So you are already using PNAgent on their local PC to place an IE6 web browser - where the app name is called whatever that website URL is?
You could embed an ICA file for the ie6 browser on this page
"an error reminding "
With pass through authentication it should launch right in.
Or even better maybe, you could even just make that error message webpage a redirect to a WI site with pass through enabled and auto launch the IE6 browser to that web app. Lots of easy options on this one. You may have to do a custom WI site that auto launches that browser if you dont want your normal WI site to auto launch. You can do it on the same WI server - now its managed in the webinterface.conf file or for older sites you can follow this

Author Comment

ID: 33630067
Yes we are using the local PNA agent on the machines and they will have access to the application from the outside from the already published application pointing to this site using Web Interface. Yes the published application is currently being used and when they launch it it opens up the page using IE 6 that is installed on the Citrix server hosting that application.

I guess what I am trying to accomplish is similiar to what content redirection does with file types you can put in an extension like .doc, or .xls. If someone tries to open an application with a .doc extension Citrix is then opened to launch this application or file. I want this same behavior to happen with this internal site. I don't want them to be able to access it locally on their machines using their local browser and to force them to only use Citrix.

I guess I am just confused on what exactly you are suggesting us to do. The zip files through me off.

Expert Comment

ID: 33630269
So, the applications you see in your current WI site or PNA site are .ica files. One option is to embed a .ica file that represents your IE6 site onto your current error message page and when the user hits that page it auto opens the ica file which in turn opens IE6. However, probably the best thing to do would be to make your error message page redirect your users to a WI site that auto launches your IE6 ica file.
SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends


Author Comment

ID: 33630644
I apologize for appearing clueless at the moment. How would I go about creating a WI site that would auto launch this site? That seems like the best route to go since it would be pretty much seamless to the users without them having to click onto another link. However I am having trouble determining how to create a site to do this within Web interface.

Accepted Solution

TreyBcool earned 500 total points
ID: 33631272
From your posting:
"We are currently using an IE redirect application that if this address is typed into the browser locally it will be blocked and an error reminding them to use the publsihed application version will be displayed."

So that message is a web page. When that message/webpage posts to the user - you would just redirect the user to your WI site. So create a new WI site, enable pass through (on your xenapp servers you may need to import the icaclient.adm file and enable pass through there as well
Pass through is under the user authentication portion. The icaclient.adm file is already on your xenapp servers - find it in program files\citrix\icaclient\configuration - on the server run gpedit.msc - click on administrative templates and import this adm file and enable pass through.

Then on your new WI site that you are redirecting to, enable pass through. What version of WI are you running? This site here has WI customizations for auto launching a specific app

However, if you are running WI5.x - then in the webinterface.conf file we can specify to autolaunch an app.
Your first step - the web page that your current error message is being posted, set in there to auto redirect you to your new WI site.

Author Comment

ID: 33631315
Okay got it. I will give that a try. Thanks so much for your assistance.

We are running version for Web Interface

Author Comment

ID: 33755414
Here is our HTML file we are trying to edit but I can't get the PNA file to link successfully in here. Any ideas?
Ths is what I tried and no luck. This can not be this difficult
file:///c:\Program Files (x86)\Citrix\ICA Client\pnagent.exe" /CitrixShortcut: (1) /QLaunch "SMT Portal"

if I copy the actual shortcut into work and open it launches successfully. However if I used the above hyperlink it does not work. Aggghhh please help if you can.
<title>Portal requires IE6</title>
<body bgcolor="silver">
Internet Explorer 6 is required.
The browser you are using has been identified as a different IE version or a non-IE browser. Portal requires IE6 to function properly.
Please access Application via the Portal or by using IE6. Contact the help desk if you have questions.


Open in new window


Expert Comment

ID: 33758003
Hmmm, I hadnt thought about doing it with PNAgent. I was thinking the easiest thing to do, so your users dont have to log in or anything, would be to put a link to a web interface site, with pass through authentication as the default authentication and have it autolaunch the IE6. What would happen is the users would click the http://webinterface_auto_launch url, pass through would take the credentials they logged into the pc with and then from there an ica file would be generated for IE6 and auto launched. But, I guess if PNAgent is already logged in locally with all their apps, then there may just be a way to invoke the IE6 from there, good idea. You are saying it works if you click that link in word, but not in internet explorer.
I am thinking something like

<a href="file:////c:\Program Files (x86)\Citrix\ICA Client\pnagent.exe /CitrixShortcut: (1) /QLaunch SMT Portal">Launch IE6</a>

is what you will need to do.

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Citrix policies are the most efficient method to configure and tune XenDesktop environments, allowing organizations to control connection, security and bandwidth settings based on various combinations of users, devices or connection types.  Citrix …
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question