[THIN] Re: web interface launch issue

  • From: Jan <tinybeetle@xxxxxxxxx>
  • To: thin-list <thin@xxxxxxxxxxxxx>
  • Date: Fri, 20 Dec 2013 09:37:24 -0500

I've found that with the new IE I need to put the site into Local Intranet.
Then it launches. Otherwise you see the behavior that you describe, nothing
happens when you click. Firefox does not exhibit this behavior, it works.


On Thu, Dec 19, 2013 at 11:06 PM, Angela <angela_smith9@xxxxxxxxxxx> wrote:

> Hi
>
> I have an interesting issue.  Users connect to Citrix Web Interface (CWI)
> in Australia and open Internet Explorer from Australian Citrix farm.  User
> then connects to another Citrix Web Interface in New Zealand (NZ) and tries
> to launch a Published App from NZ Citrix farm.
>
> Client - AU CWI - AU Internet Explorer - NZ CWI - NZ App
>
> When user clicks on any App, nothing happens.  If I change the Connection
> Preferences in the AU CWI to "Client for Java" the App launches.  The CWI
> in NZ is configured as a Trusted site.  What IE settings are required for
> ICA Web client to work?  Understand the configuration is not ideal as users
> are connecting to 2 CWI's but they don't have the ability to go straight to
> NZ CWI, connection must pass through Australian CWI. I have installed the
> latest ICA Web client on the XenApp 4.5 server in Australia that hosts
> Internet Explorer
>
> Any assistance appreciated
>
> Ang
>
> ------------------------------
> From: scanjam@xxxxxxxxxxx
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
> Date: Fri, 20 Dec 2013 10:14:17 +1000
>
> yep.
>
> ------------------------------
> Date: Thu, 19 Dec 2013 17:12:24 -0700
> Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
> From: joe.shonk@xxxxxxxxx
> To: thin@xxxxxxxxxxxxx
>
> So basically any user on and internet connected device can type in user
> names and passwords?  So, a crafty person can launch a DOS attack and lock
> out accounts?
>
> Joe
>
>
> On Thu, Dec 19, 2013 at 4:53 PM, James Scanlon <scanjam@xxxxxxxxxxx>wrote:
>
> nope its configured as a session policy.
> i argued that its a bit silly as the user has already authenticated, but
> the client was advised (at some point) by citrix that pre auth is more
> difficult to troubleshoot when clients are logging in (the fun error codes
> the netscaler spits out) and they have many multiple people connecting from
> many different devices
> so they were adament they wanted a scan / reg scan after the user name and
> password....
> bah...
>
> ------------------------------
> Date: Thu, 19 Dec 2013 16:37:46 -0700
>
> Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
> From: joe.shonk@xxxxxxxxx
> To: thin@xxxxxxxxxxxxx
>
>
> Correct me if I'm wrong, but wouldn't that be  a pre-auth policy?
>
> Joe
>
>
> On Thu, Dec 19, 2013 at 12:59 PM, James Scanlon <scanjam@xxxxxxxxxxx>wrote:
>
> Greetings thin list legends!
> long time no email!
>
> Quick one.
>
>    1. I have a single Netscaler Access Gateway with one post auth session
>    policy which points them to storefront.
>    2. It runs an single EPA check for a registry key for the domain
>    membership.
>    3. If it fails the registry check however its 'defaulting' to a the
>    client choices page and starts running an SSL VPN!?!
>
>
> Ive checked all advanced settings and the global settings - and there is
> literally nothing set to create this?
> Any idea how to set a policy so that 'If your EPA scan fails' the system
> just denies access? or even another policy which would direct them to a web
> server that doesnt exist or really ANYTHING *other *than starting a FULL
> SSL VPN!! :)
>
> I hope everyone is well and looking forward to the holidays!
> All the best for xmas and the new year.
>
> scanjam
>
>
>
>

Other related posts: