Alerts     Sign In
Rate this Article:
You must be signed in to rate again
 Article Feedback Print View
Alternate Languages: N/A

How to Enforce a Minimum Presentation Server Client Version

Document ID: CTX113879   /   Created On: Aug 14, 2007   /   Updated On: Jan 28, 2008
Average Rating: 3

Summary

By default, Web Interface prompts users to install the client version listed in the Access Suite Console but still allows them to connect if they do not have the recommended version installed. Security bulletins and environment requirements may require the minimum version to be enforced.

Upon connecting, this change redirects users that do not have the minimum Presentation Server Client version to the page specified in the test.htm file. This does not prevent users from enumerating their applications.

Requirements

• Administrator privileges on the Web Interface server

• Web Interface 4.5 or 4.6

Background

Previous security bulletins have prompted administrators to restrict the minimum Presentation Server Client version run by their Web Interface users.

Procedure

For Web Interface 4.5:

  1. Open the \inetpub\wwwroot\citrix\AccessPlatform\conf\webinterface.conf file in Notepad.
  2. Change IcaWebClientVersion= 9,0,32891,0 (default value) to 10,0,52110,0 for the 10.0 Presentation Server Client (Note: Use commas, not periods).
  3. Press CTRL+S in Notepad to save the change to the webinterface.conf file.
  4. Open the \inetpub\wwwroot\citrix\AccessPlatform\app_data\site\serverscripts\Launch.aspxf file in Notepad.
  5. Add the text below in bold to line 230 (line number may differ depending on other modifications). Additional lines are listed below to help identify the proper section of the Launch.aspxf file:

    // REMOTE app access (ICA and RDP)
    // CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP
    // CUSTOMIZATION POINT
    //
    // Modifying the launchInfo object here will only affect ICA sessions.
    // Modify inside the modifyLaunchSettings method to affect both ICA
    // and RDP sessions.
    //
    // CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP CP
    if (!getIcaClientUpToDate()) {
    // Client is not at the minimum value so redirect.
    Response.Clear();
    // Redirect page is located at c:\inetpub\wwwroot\Citrix\AccessPlatform\site\test.htm
    Response.Redirect("Test.htm");

    }

  6. Press CTRL+S to save the file.
  7. Open Notepad.
  8. Copy and paste the following text into the new text file:

    Test.htm
    <script language="javascript">
    window.open("http://citrix.com","_blank");
    </script>

  9. Save the file as <root directory>\inetpub\wwwroot\Citrix\AccessPlatform\site\test.htm

For Web Interface 4.6:

1. Modify the WebInterface.conf file as follows: Locate the line that reads "# IcaClientVersion="

2. Delete the # and add the minimum version number of the Presentation Server Client the user should have installed. For example:

IcaClientVersion=10,150,58643 (use commas instead of periods)

3. Modify the launcher.aspxf file in $SITEROOT\Citrix\AccessPlatform\app_data\site\serverscripts\. Look for the following lines around line 129:

// Indicate to subsequent pages that this launch should be done via the
// RADE client
queryStr += "&" + QSTR_LAUNCH_METHOD + "=" + LAUNCH_METHOD_STREAMING;
} else {

4. Add these lines below the above code:

if (sWizardInfo.getRemoteCanUpgrade()) {
Response.Redirect("test.htm");
Response.End();
}

Note: Add the lines just above the following line:
// This is a launch via a remote (ICA or RDP) client

5. Create a file called test.htm in the $SITEROOT\Citrix\AccessPlatform\site directory with code similar to the following:

<script language="javascript">
window.open("updateclient.htm","_blank");
</script>

6. Create a file called updateclient.htm in the $SITEROOT\Citrix\AccessPlatform\site directory with code similar to the following:

<a href="/Citrix/AccessPlatform/Clients_common/ica32pkg.msi">Please download and install the latest version of the ICA Client to continue</a>

More Information

The Launch.aspxf and WebInterface.conf files are compiled when called therefore there is no need to restart Internet Information Services (IIS).

Additionally, in Web Interface 4.6, users can be redirected to the upgrade page automatically after logging on (and before the applications are enumerated) if their client does not meet the minimum client version requirement. To do so:

1. Modify the include.aspxf file in both the app_data\site\serverscripts and app_data\auth\serverscripts directories.

2. In the include.aspxf file, there is a method called isNextPageWizard()

3. Add the string displayed in bold below:

private bool isNextPageWizard() {
    return (sWizardInfo.getNoClientDetected() || sWizardInfo.getRemoteCanUpgrade() )&& !sWizardInfo.getNoClientAvailableForPlatform();


This document applies to:

Search
Knowledge Center
Advanced Search
XenApp
XenApp Plugins (Clients)
XenServer
XenDesktop
NetScaler Application Delivery
Access Gateway
EdgeSight
Provisioning Server
WANScaler
Password Manager
>> View All Products
Does it work with Citrix? Verify it - introducing the new Citrix Ready Community Verified
©1999-2008 Citrix Systems, Inc. All rights reserved.