HTML5 Error "Citrix Receiver cannot connect to the server" from external connection

HTML5 Error "Citrix Receiver cannot connect to the server" from external connection

book

Article ID: CTX234127

calendar_today

Updated On:

Description

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.

Internally users are able to launch application via HTML5 Client. But externally users are unable to launch the applications via HTML 5.

Error : Citrix Receiver cannot connect to the server.
User-added image

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

  1. Under Citrix Policy, go to Policy
  2. In the middle pane, under Policies, modify an existing policy or create a new policy for external connections.
  3. In the right pane, click Actions > Edit Policy
  4. Edit Unfiltered window will appear, then type websock and hit Enter.
  5. Select WebSock trusted origin server list
  6. Enter the External URL  //this is to allow external URL as a trusted URL
  7. Click OK

NOTE: 
For internal connections, the policy for the web sockets is as follows :
Web Socket Connects - Allowed
Web Socket Port number - Default 8008
Web sockets trusted origin server - default *

The policy is assigned to all objects in the site.
 

WebSockets trusted origin server list

This setting provides a comma-separated list of trusted origin servers, usually Receiver for Web, expressed as URLs. Only WebSockets connections originating from one of these addresses is accepted by the server.

By default, the wildcard * is used to trust all Receiver for Web URLs.

Problem Cause

In the web socket connection request header, external device will send the request to the backend with a parameter called "Origin".  This parameter will contain the external URL.
 
If this external URL (in the Origin parameter) is not added, under the WebSocket Trusted Origin Server List on the Citrix Server, the server will close the TCP connection causing the client browser to receive a '500 Internal Server Error'.  This is a security measure from the Citrix side.


 

Issue/Introduction

Users, connecting from external network, are unable to launch application using Receiver for HTML5 client.

Additional Information

https://www.citrix.com/blogs/2015/07/08/receiver-internals-how-receiver-for-html5-chrome-connections-work/

https://discussions.citrix.com/topic/383619-internal-html5-receiver-citrix-receiver-cannont-connect-to-the-server/
Powered by Wolken Software