Published applications with .Net or Java components take longer time to start, when installed on servers without Internet access. This issue affects all users accessing these published applications.

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

To avoid this behavior, you can configure Microsoft Windows not to perform certification revocation checking.
 
Note: Before making this change, it is recommended to consult your security specialist. Note the following:

• the change will have an impact on other applications
• some other procedure will be needed to deal with revoked certificates that have been used to sign these applications

To configure Microsoft Windows to avoid this behavior, you can apply a user-based Group Policy Object (GPO).  For illustration, the setting appears in the Internet Properties dialog.

Internet Properties

1. Open User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page.
   The Internet Options dialog opens.
2. Disable the following option:
   Check for publisher's certificate revocation
   
   

Group Policy

Setting the following options through GPO policy and applying these settings to all users accessing these published applications ensures that these changes are updated in the next registry modifications in their session:
Check for publisher´s certificate revocation:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

• Default setting: 0x00023c00 (166432)

• After manually setting disabled: 0x23e00 (146944)

• After applying the GP preference settings: 0x002c9 (713)

To make these changes through GPO, complete the following alternative methods:

• In Windows 2008:
  To get to this policy, open User Configuration\Preferences\Control Panel Settings\Internet Explorer, in this location add policies for all the appropriate versions of Internet Explorer.

• In Windows 2003:
  To get to this policy, open User Configuration\Internet Explorer Maintenance\Connection Settings. In this location modify the options as required.

---

Problem Cause

When a user accesses a published XenApp application with a .NET or Java component, there is a long delay before the application appears.  Once the application appears, the application behaves as expected.
 
In other cases, the application starts normally, but when accessing a different module of the application, this access might take more time to process, or fail.
 
This behavior occurs when:

• the application contains a signed .NET or Java component, and:

• the server where the application is published does not have Internet access

This is because the .NET framework or Java runtime environment attempts to check whether the signing certificate has been revoked.  This check requires Internet access.
 
In case of .NET components, there is a timeout of 15 seconds for each check. Depending on the features that are installed, this can increase up to one minute of startup time for the application.

This article contains resolution to delay in starting published applications.