How to Configure and Troubleshoot Browser Content Redirection

Browser Content Redirection controls and optimizes the way XenApp and XenDesktop deliver any web browser content (like HTML5) to users. Only the visible area of the browser where content is displayed (a.k.a viewport) will be redirected.

1.0 Feature Requirements

Client side:

Windows 7, 8.x,or 10,and Internet Explorer 11.

Citrix Receiver for Windows 4.10 or higher

Citrix Receiver for Linux : 13.9

XenApp / XenDesktop 7.16-7.17-7.18:

VDA operating system: Windows 10 (1607 or higher), Windows Server 2012 R2, Windows Server 2016

Browser on the VDA: Internet Explorer 11 with HdxjsInjector Add-On enabled.

The following policies are available for the Browser Content Redirection feature in Citrix Studio:

User-added image

2.0 Browser Content Redirection policy

By default, Citrix Receiver tries client fetch and client render. If client fetch client and render fails, server-side rendering is tried. If you also enable the Browser Content Redirection proxy configuration policy, Citrix Receiver tries only server fetch and client render.

By default, the Browser Content Redirection policy is set to Allowed.

Registry override options on the VDA for policy settings:

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixHdxMediastreamOrHKEY_LOCAL_MACHINESOFTWARECitrixHdxMediastreamName: WebBrowserRedirectionType: DWORD1 = Browser content redirection is Allowed.0 = Browser content redirection is Prohibited

2.1 Browser Content Redirection ACL Configuration policy

Use this policy to configure an Access Control List (ACL) of URLs that can use browser content redirection or are denied access to browser content redirection.

Authorized URLs are the whitelisted URLs whose content is redirected to the client. The wildcard * is permitted, but it isn’t permitted within the protocol or the domain address part of the URL:

  • Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos*
  • Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only the index.html page is redirected.

By default, this setting is set to https://www.youtube.com/*

Registry override options on the VDA for policy settings:

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixHdxMediastreamOrHKEY_LOCAL_MACHINECitrixHdxMediastreamName: WebBrowserRedirectionACLType: REG_MULTI_SZ

2.2 Browser Content Redirection Blacklist Configuration policy (7.17 and higher)

This setting works along with the Browser Content Redirection ACL Configuration policy. If URLs are present in the Browser Content Redirection ACL Configuration policy and the Browser Content Redirection Blacklist Configuration policy, the blacklist configuration takes precedence and the browser content of the URL isn’t redirected.

Policy Settings:

  • Unauthorized URLs: Specifies the blacklisted URLs whose browser content isn’t redirected to the client, but rendered on the server. The wildcard * is permitted, but it isn’t permitted within the protocol or the domain address part of the URL.
  • Allowed: http://www.xyz.com/index.html, https://www.xyz.com/*, http://www.xyz.com/*videos*
  • Not allowed: http://*.xyz.com/

You can achieve better granularity by specifying paths in the URL. For example, if you specify https://www.xyz.com/sports/index.html, only index.html is blacklisted.

2.3 Browser Content Redirection Proxy Configuration policy

This policy provides configuration options for proxy settings on the VDA for Browser Content Redirection feature.

If enabled with a valid proxy address and port number, only Server Fetch Client Rendering is attempted.

If disabled or left unconfigured with default value, Client Fetch Client Rendering is attempted.

Allowed pattern: http://<hostname/ip address>:<port>

For example, http://proxy.example.citrix.com:80

By default, this setting is prohibited.

Registry Override options for policy settings (Registry path varies depending on VDA architecture):

HKLMSOFTWAREWow6432NodeCitrixHdxMediastreamOrHKLMSOFTWARECitrixHdxMediastreamName: WebBrowserRedirectionProxyAddressType: REG_SZ

2.4 Browser Content Redirection Authentication Sites policy (7.18 and higher)

This setting allows you to configure a list of URLs that sites redirected via Browser Content Redirection can use to authenticate a user.

In other words, it specifies the URLs for which Browser Content Redirection will remain active (redirected) when navigating away from a whitelisted URL.

A classic scenario is a website that relies on an Identity Provider (IdP) for authentication.

For example, website www.xyz.com needs to be redirected to the endpoint, but the authentication portion is handled by a third party IdP, like Okta (www.xyz.okta.com).

The Admin would need to use the Browser Content Redirection ACL Configuration policy to whitelist www.xyz.com, and use Browser Content Redirection Authentication Sites to whitelist www.xyz.okta.com.

2.5 Client Side Optimization

The following registry key can be set on the Client (Receiver for Windows 4.10 only, in 4.11 is already included by default) in order to enable HdxBrowser.exe (the overlay browser on the endpoint responsible for Client-side rendering) to use the GPU resources on the Client, hence reducing CPU utilization.

HKEY_LOCAL_MACHINE (and in HKEY_CURRENT_USER) SOFTWARE Microsoft Internet Explorer Main FeatureControl FEATURE_GPU_RENDERING (create if not present) HdxBrowser.exe = (DWORD) 00000001

3.0 Browser Content Redirection Troubleshooting

3.1 General troubleshooting steps

Step May clear problem in
Close Internet Explorer, re-open, and navigate to a whitelisted site. Browser Add-On and HdxVideo.js file
Disconnect and reconnect the session. Receiver, HdxBrowser.exe, WebsocketAgent, and services
Logoff and logon to a new session. Receiver, HdxBrowser.exe, WebsocketAgent, and services
Stop the services: 1. Browser redirection service, 2. HTML5 redirection service, and 3. Port forwarding service. Restart them in reverse order listed. Logoff and logon the session. All components


3.2 Data to collect for troubleshooting

VDA side

CDF modules to trace:

HDX_Multimedia_BrowserService
HDX_Multimedia_HdxjsInjector
HDX_Multimedia_PortForwardLibrary
HDX_Multimedia_PortForwardService
HDX_Multimedia_WebSocketAgent
HDX_Multimedia_WebSocketPipe
HDX_Multimedia_WebSocketService
PE_Service_CtxEchoSvc
PE_Library_GvchBase

Receiver side

CDF modules to traces:

IcaClient_DriversVd_BrowserRedir
IcaClient_DriverVd_PortForward
Ica_Multimedia_HdxBrowser

Ensure HdxBrowser.exe is running on Recevier while you are on a whitelisted site.

4.0Browser JavaScript log live debugging:

  1. Open %programfiles%CitrixHTML5 Video RedirectionHdxVideo.js

  2. Change the line var DEBUG_ONLY = false; to var DEBUG_ONLY = true;

  3. Close Internet Explorer and reopen, hit f12, and go to the Console tab. Browse to a whitelisted site.

  4. You should see traces from [HdxVideo.js] (example below). Collect the entire log.

    [HdxVideo.js] onResize:

    [HdxVideo.js] sendClientSize: w: 1048 h: 560

    [HdxVideo.js] >>> {“v”:”clisz”,”w”:1048,”h”:560}

Related:

  • No Related Posts

Leave a Reply