After we recently upgraded our environment to Ivanti Workspace Control 10.12.0.0, we suddenly encountered issues with Citrix Published Applications. Users trying to launch a published application received an error “Application can’t be started…(Instant Passthru could not be resolved)
Although we had not made any changes to the Citrix XenApp Publishing integration within the Ivanti Console, we did check the configuration completely. Everything was configured as Ivanti says it should be set up.
Cause the update of our last golden image only updated Ivanti Workspace Control, we decided to downgrade the agent from 10.12.0.0 to 10.11.10.0, the version we were previously using. And yes, suddenly everything was working properly again.
The solution seemed simple, so we filed a support case with Ivanti, saying something had fallen in the recently released Ivanti Workspace Control 10.12.0.0 update. After the support engineer checked our setup, we provided him with a working and non-working trace file. Soon we received the request to add the registry key below to the broken golden image.
32-Bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\RES\Workspace Manager
64-Bits OS: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\RES\Workspace Manager
Value: UseStoreBrowse
Type: REG_SZ
Data: NOAnd indeed by using the “UseStoreBrowse” value in the registry, Ivanti Workspace Control 10.12.0.0 worked again. Apparently the “StoreBrowse” functionality within our environment was not working correctly. By using “UseStoreBrowse” we fell back on the old method, based on the use of the Apps.xml file. We decided to temporarily deploy this workaround and to conduct further research into SecureBrowse in the meantime.
Workspace Control 2022.4 (10.11.10.0) UseStoreBrowse registry key set to Yes by default
Starting with this version on Workspace Control, the default value of the UseStoreBrowse registry key is set to Yes. If you do not want to use the StoreBrowse method, simply set the value to No.
For more details, see Workspace Control Administration Guide.
Citrix StoreBrowse
Storebrowse is a command-line utility that interacts between the client and the server and enables you to launch published applications.
StoreBrowe
More information about SecureBrowse can be found here : https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/store-browse.html
Using the command below we tried to list all published apps and desktops from a specific store.
Storebrowse.exe -M 0x2000 -E https://storefront.peppercrew.nl/Citrix/PepperStore/DiscoveryAnd yes, all available applications were neatly displayed. The next step was to launch an application via the command line. We were able to launch the applications in two different ways:
Storebrowse.exe -L "DefaultAggregationGroup.\MyTestApplication" https://storefront.peppercrew.nl/Citrix/PepperStore/Discovery
Storebrowse.exe -S "MyTestApplication" https://storefront.peppercrew.nl/Citrix/PepperStore/DiscoveryWith both options, our applications started properly from the command line. So it seemed that StoreBrowse did work correctly in our environment, so the question now was why we can start the application, but it doesn’t work from Ivanti Workspace Control. We created another trace log and took a closer look at it. Further investigation of the trace log tells us that the application we manually retrieved via StoreBrowse looks similar from what Ivanti retrieved.
'DefaultAggregationGroup.\MyTestApplication' 'MyTestApplication' '\' '' https://storefront.peppercrew.nl/Citrix/PepperStore/resources/v2/RGVmYXVsdEFnZ3JlZ2F0aW9uR3JvdXAuXFRlc3RfQXJub3Vk/launch/icaThe IWC trace log looked similar, but it ultimately failed to launch the published app. To further investigate the problem, we switched to the development environment and suddenly we noticed a big difference and here the published applications worked with IWC 10.12.0.0. The applications are displayed differently after downloading via StoreBrowse.
Development environment:
'MyDDC.MyTestApplication' 'MyTestApplication' '\'
Production environment:
'DefaultAggregationGroup.\MyTestApplication' 'MyTestApplication' '\'Within the development environment the application name contained the “Display Name” of the Delivery Controller, within production it is “DefaultAggregationGroup.\”. In production we used Multi-Site Aggregation, so StoreBrowes does not use the “Display Name”, but adds “DefaultAggregationGroup.\” to each application.
It seems that Ivanti Workspace Control is having trouble with the “\” included in the name. We tested 10.12.0.0 with a Store without Multi-Site Aggregation and that works fine. Ivanti told us they will investigate this further, but for now we have two workaround in place.
- Disable SecureBrowse and use the old method;
- Temporarily use a Citrix Store that does not have Multi-Site Aggregation active;