After we recently upgraded our environment to Ivanti Workspace Control, we suddenly encountered issues with Citrix Published Applications. Users trying to launch a published application received an error “Application can’t be started…(Instant Passthru could not be resolved)

Ivanti Workspace Control

Although we had not made any changes to the Citrix XenApp Publishing integration within the Ivanti Console, we did check the configuration completely. Everything was configured as Ivanti says it should be set up.

Cause the update of our last golden image only updated Ivanti Workspace Control, we decided to downgrade the agent from to, the version we were previously using. And yes, suddenly everything was working properly again.

The solution seemed simple, so we filed a support case with Ivanti, saying something had fallen in the recently released Ivanti Workspace Control update. After the support engineer checked our setup, we provided him with a working and non-working trace file. Soon we received the request to add the registry key below to the broken golden image.

64-Bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\RES\Workspace Manager

Value: UseStoreBrowse
Type: REG_SZ
Data: NO

And indeed by using the “UseStoreBrowse” value in the registry, Ivanti Workspace Control worked again. Apparently the “StoreBrowse” functionality within our environment was not working correctly. By using “UseStoreBrowse” we fell back on the old method, based on the use of the Apps.xml file. We decided to temporarily deploy this workaround and to conduct further research into SecureBrowse in the meantime.

Workspace Control 2022.4 ( UseStoreBrowse registry key set to Yes by default

Starting with this version on Workspace Control, the default value of the UseStoreBrowse registry key is set to Yes. If you do not want to use the StoreBrowse method, simply set the value to No.
For more details, see Workspace Control Administration Guide.

Citrix StoreBrowse

Storebrowse is a command-line utility that interacts between the client and the server and enables you to launch published applications.


More information about SecureBrowse can be found here :

Using the command below we tried to list all published apps and desktops from a specific store.

Storebrowse.exe -M 0x2000 -E

And yes, all available applications were neatly displayed. The next step was to launch an application via the command line. We were able to launch the applications in two different ways:

Storebrowse.exe -L "DefaultAggregationGroup.\MyTestApplication"

Storebrowse.exe -S "MyTestApplication"

With both options, our applications started properly from the command line. So it seemed that StoreBrowse did work correctly in our environment, so the question now was why we can start the application, but it doesn’t work from Ivanti Workspace Control. We created another trace log and took a closer look at it. Further investigation of the trace log tells us that the application we manually retrieved via StoreBrowse looks similar from what Ivanti retrieved.

'DefaultAggregationGroup.\MyTestApplication'  'MyTestApplication'   '\'     ''

The IWC trace log looked similar, but it ultimately failed to launch the published app. To further investigate the problem, we switched to the development environment and suddenly we noticed a big difference and here the published applications worked with IWC The applications are displayed differently after downloading via StoreBrowse.

Development environment:
'MyDDC.MyTestApplication'  'MyTestApplication'   '\'

Production environment:
'DefaultAggregationGroup.\MyTestApplication'  'MyTestApplication'   '\'

Within the development environment the application name contained the “Display Name” of the Delivery Controller, within production it is “DefaultAggregationGroup.\”. In production we used Multi-Site Aggregation, so StoreBrowes does not use the “Display Name”, but adds “DefaultAggregationGroup.\” to each application.

Citrix StoreFront Multi-Site Aggregation.

It seems that Ivanti Workspace Control is having trouble with the “\” included in the name. We tested with a Store without Multi-Site Aggregation and that works fine. Ivanti told us they will investigate this further, but for now we have two workaround in place.

  1. Disable SecureBrowse and use the old method;
  2. Temporarily use a Citrix Store that does not have Multi-Site Aggregation active;

Post Navigation