How to Configure and Troubleshoot Browser Content Redirection

Policies

The following policies are available for the Browser Content Redirection feature in Citrix Studio:

User-added image
Note: Editing regkeys will require to close and reopen the Browser on the VDA

2.0 Browser Content Redirection policyBy default, Citrix Receiver tries client fetch and client render. If client fetch and client render fails, server-side rendering is tried. If you also enable the Browser Content Redirection proxy configuration policy, Citrix Receiver tries only server fetch and client render.

By default, the Browser Content Redirection policy is set to Allowed.

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixHdxMediastreamOrHKEY_LOCAL_MACHINESOFTWARECitrixHdxMediastreamName: WebBrowserRedirectionType: DWORD1 = Browser content redirection is Allowed.0 = Browser content redirection is Prohibited

2.1 Browser Content Redirection ACL Configuration policy

Use this policy to configure an Access Control List (ACL) of URLs that can use browser content redirection or are denied access to browser content redirection.

Authorized URLs are the whitelisted URLs whose content is redirected to the client. The wildcard * is permitted, but it isn’t permitted within the protocol or the domain address part of the URL:

  • Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos*
  • Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only the index.html page is redirected.

By default, this setting is set to https://www.youtube.com/*

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

Close and re-open the Browser for these regkeys to be honored after a change.

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixHdxMediastreamOrHKEY_LOCAL_MACHINECitrixHdxMediastreamName: WebBrowserRedirectionACLType: REG_MULTI_SZ

2.2 Browser Content Redirection Blacklist Configuration policy (7.17 and higher)

This setting works along with the Browser Content Redirection ACL Configuration policy. If URLs are present in the Browser Content Redirection ACL Configuration policy and the Browser Content Redirection Blacklist Configuration policy, the blacklist configuration takes precedence and the browser content of the URL isn’t redirected.

Policy Settings:

  • Unauthorized URLs: Specifies the blacklisted URLs whose browser content isn’t redirected to the client, but rendered on the server. The wildcard * is permitted, but it isn’t permitted within the protocol or the domain address part of the URL.
  • Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos*
  • Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only index.html is blacklisted.

By default, this list is empty.

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

HKLMSOFTWAREWow6432NodeCitrixHdxMediastreamOrHKLMSOFTWARECitrixHdxMediastreamName: WebBrowserRedirectionBlacklistType: REG_MULTI_SZ​

2.3 Browser Content Redirection Proxy Configuration policy

This policy provides configuration options for proxy settings on the VDA for Browser Content Redirection feature.

If enabled with a valid proxy address and port number, only Server Fetch Client Rendering is attempted.

Server Fetch Client Render in fact would only be attempted if this policy is enabled.

If disabled or left unconfigured with default value, Client Fetch Client Rendering is attempted.

Allowed pattern: http://<hostname/ip address>:<port>

For example, http://proxy.example.citrix.com:80

By default, this setting is prohibited in Studio.

At the moment, support for PAC files or Exceptions in IE11 LAN Settings is not possible – instead, configuration on the Proxy server itself (e.g. BlueCoat or NetScaler Secure Web Gateway) is necessary to handle the exceptions.

Optional Registry override options on the VDA for policy settings (meaning, they are not needed unless you want to override Studio policies)

(Registry path varies depending on VDA architecture):

HKLMSOFTWAREWow6432NodeCitrixHdxMediastreamOrHKLMSOFTWARECitrixHdxMediastreamName: WebBrowserRedirectionProxyAddressType: REG_SZ

2.4 Browser Content Redirection Authentication Sites policy (7.18 and higher)

This setting allows you to configure a list of URLs that sites redirected via Browser Content Redirection can use to authenticate a user.

In other words, it specifies the URLs for which Browser Content Redirection will remain active (redirected) when navigating away from a whitelisted URL.

A classic scenario is a website that relies on an Identity Provider (IdP) for authentication.

For example, website www.xyz.com needs to be redirected to the endpoint, but the authentication portion is handled by a third party IdP, like Okta (www.xyz.okta.com).

The Admin would need to use the Browser Content Redirection ACL Configuration policy to whitelist www.xyz.com, and use Browser Content Redirection Authentication Sites to whitelist www.xyz.okta.com.


Registry override options on the VDA for policy settings:

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixHdxMediastreamOrHKEY_LOCAL_MACHINECitrixHdxMediastreamName: WebBrowserRedirectionAuthenticationSitesType: REG_MULTI_SZ

2.5 Client Side Optimization

There is currently a known issue when upgrading to Receivers 4.10 or higher from any version: CTX235183

Fresh installs of those Receivers do not have any known issues.

The following registry key can be set on the Client (Receiver for Windows 4.10 only, in 4.11 is already included by default) in order to enable HdxBrowser.exe (the overlay browser on the endpoint responsible for Client-side rendering) to use the GPU resources on the Client, hence reducing CPU utilization.

HKEY_LOCAL_MACHINE (and in HKEY_CURRENT_USER) SOFTWARE Microsoft Internet Explorer Main FeatureControl FEATURE_GPU_RENDERING (create if not present) HdxBrowser.exe = (DWORD) 00000001___________________________________________________________________________________________________________________________

3.0 Browser Content Redirection Troubleshooting

3.1 General troubleshooting steps

Step May clear problem in
Close Internet Explorer, re-open, and navigate to a whitelisted site. Browser Add-On and HdxVideo.js file
Disconnect and reconnect the session. Receiver, HdxBrowser.exe, WebsocketAgent, and services
Logoff and logon to a new session. Receiver, HdxBrowser.exe, WebsocketAgent, and services
Stop the services: 1. Browser redirection service, 2. HTML5 redirection service, and 3. Port forwarding service. Restart them in reverse order listed. Logoff and logon the session. All components


3.2 Data to collect for troubleshooting

CDF modules to trace:

VDA Side Receiver Side
HDX_Multimedia_BrowserService
HDX_Multimedia_HdxjsInjector
HDX_Multimedia_PortForwardLibrary
HDX_Multimedia_PortForwardService
HDX_Multimedia_WebSocketAgent
HDX_Multimedia_WebSocketPipe
HDX_Multimedia_WebSocketService
PE_Service_CtxEchoSvc
PE_Library_GvchBase
IcaClient_DriversVd_BrowserRedir
IcaClient_DriverVd_PortForward
Ica_Multimedia_HdxBrowser

Ensure HdxBrowser.exe is running on Receiver while you are on a whitelisted site.


4.0Browser JavaScript log live debugging:

  1. Open %programfiles%CitrixHTML5 Video RedirectionHdxVideo.js

    (or depending on your VDA version, the Javascript can also be located inside a folder called %programfiles%CitrixICASERVICE)

    You might need to do this running Notepad as an Admin and opening the .js file from the Open menu

  2. Change the line var DEBUG_ONLY = false; to var DEBUG_ONLY = true;

    Save the file and close your Editor.

  3. Close Internet Explorer and reopen it, hit f12, and go to the Console tab. Browse to a whitelisted site, e.g. https://www.youtube.com

  4. You should see traces from [HdxVideo.js] (example below). Collect the entire log.

    Key messages to look for are highlighted in bold, with additional comments inside brackets [ ]:

    [HdxVideo.js] OnUnload (window): [object Window]

    [HdxVideo.js] DocumentBodySuppressor.start()

    [HdxVideo.js Events] interceptEventListeners()

    [HdxVideo.js] DocumentBodySuppressor.trySetBodyStyle(): stopping observer

    [HdxVideo.js] OnLoad (window): [object HTMLDocument]

    [HdxVideo.js] Unredirected video count: 0

    [HdxVideo.js] HDX_DO_PAGE_REDIRECTION: true [if false, redirection is not even attempted. Problem with policies or browser Extension?]

    [HdxVideo.js] infallback: undefined

    [HdxVideo.js] Installing event listeners.

    [HdxVideo.js] msexitFullscreen – Found!

    [HdxVideo.js] onWSOpen: [Websocket opening to WebsocketAgent.exe 127.0.0.1:9001 succeeded. If failed, check your IE Security Settings]

    [HdxVideo.js] >>> {“v”:”pageurl”,”url”:”https://www.google.de/”}

    [HdxVideo.js] onVisibilityChange:

    [HdxVideo.js] >>> {“v”:”vis”,”vis”:true}

    [HdxVideo.js] onResize:

    [HdxVideo.js] >>> {“v”:”pageredir”}

    [HdxVideo.js] sendClientSize: w: 1316 h: 755

    [HdxVideo.js] >>> {“v”:”clisz”,”w”:1316,”h”:755}

    CSI/tbsd_: 15.599,072ms

    CSI/_tbnd: 15.658,128ms

    [HdxVideo.js] <<< {“v”:”winid”,”title”:”CitrixVideo:{1b83a2dc-39ae-4455-ad7d-d56e71fbb45d}”}

    [HdxVideo.js] onWSMessage: winid: CitrixVideo:{1b83a2dc-39ae-4455-ad7d-d56e71fbb45d}

    [HdxVideo.js] setWindowTitle: CitrixVideo:{1b83a2dc-39ae-4455-ad7d-d56e71fbb45d}

    [HdxVideo.js] documentTitleMutator.start()

    [HdxVideo.js] >>> {“v”:”winid”}

    [HdxVideo.js] <<< {“v”:”pageredir”} [VDA is instructing Receiver to start the redirection process]

    [HdxVideo.js] onWSMessage: pageredir

    [HdxVideo.js] Redirecting page — 화이팅! https://www.google.de/ [Korean characters means the redirection was successful]

A common error is:

[HdxVideo.js] OnUnload (window): [object Window]

Navigation Event Separator HTML1300: Navigation occurred.
www.youtube.com

[HdxVideo.js] DocumentBodySuppressor.start()

[HdxVideo.js Events] interceptEventListeners()

[HdxVideo.js] DocumentBodySuppressor.trySetBodyStyle(): stopping observer

[HdxVideo.js] OnLoad (window): [object HTMLDocument]

[HdxVideo.js] Installing event listeners.

[HdxVideo.js] msexitFullscreen – Found!


[HdxVideo.js] doRedirection(): exception connecting to WebSocket: SecurityError

[HdxVideo.js] onWSError:

[HdxVideo.js] Showing content — suspendRedirection.

In the Developer Tools console this can be seen as:

User-added image

This is caused by some security configurations in IE11’s Security Zones.

Please add the following entries to to the Trusted Zone in IE11 (Internet Options -> Security)


Another possible error is that some websites use a technology called CSP (Content Security Policy) which prevents any outside resource (like the Javascript used in BCR) from being executed in the trusted webpage context. Therefore Browsers prevent the injection of HdxVideo.js and BCR fails.

User-added image


5.0How to verify the webpage is redirected

Method #1: Drag the IE11 window quickly. You will notice a ‘delay’ or ‘out of frame’ between the viewport and the User Interface.

Also you will notice a quick change in the title on the Tab (CitrixVideoId) before the original title is placed back

User-added image


Method #2: When the right mouse button is clicked on window area, a customized context menu is displayed. Back/Forward menu items are currently disabled for the initial releases. The remaining menu items perform the following tasks:

  • Refresh: refreshes current client side web page.
  • Open: if the mouse point is focused on a hyper link, the link will be opened; otherwise, nothing will happen.
  • Open in New Tab: if the mouse point is focused on a hyper link, the link will be opened in a new Tab; otherwise, nothing will happen. (Note: for the initial release, this works only when pop-up is enabled on VDA side IE instance.)
  • Open in New Window: if the mouse point is focused on a hyper link, the link will be opened in a new Tab; otherwise, nothing will happen. (Note: for the initial release, this works only when pop-up is enabled on VDA side IE instance and the link is opened in a new Tab rather than in a new Window)
  • About HDX Browser Redirection: Browse to Citrix support site in a new Tab
User-added image


Known issue: After starting a YouTube video using the YouTube HTML5 video player, full-screen mode might not work. You click the icon in the lower-right corner of the video, and the video doesn’t resize leaving the black background in the full area of the page. As a workaround, click the full screen button, and then select theater mode.

Related:

Leave a Reply