Delay Starting Published Application in #Citrix #XenApp
Symptoms
Applications with .Net or Java components take long time to start.
Cause
When the user accesses the published XenApp application with .NET or Java component, first time user logon to the published application takes long time to appear after first click over the application. The application appears after a time out that varies and after appearing, the applications behave as expected.
In other cases, the application is started correctly but during scenarios such as execution or accessing different module of the application, this access might take more time to process or fail in some cases.
This behavior occurs when the servers where the applications are published do not have Internet access and these applications have some.NET or Java component certificate that must be verified. If the server does not have Internet access, then the .NET framework or Java component cannot access the crl.microsoft.com website to verify that the digital signatures that are used to sign the binaries for managed applications are valid. Each certificate check has a 15 second timeout in the .NET runtime implementation. Depending on what features are installed, this can add up to a minute of startup time for the application.
Resolution
To avoid this behavior and resolve the application delay, you must change several options in the Internet properties Advanced tab on the servers, applying a GPO or manually through registry modifications
Internet Properties
Open User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page.
The options that must be set to disable value are:
- Check for publisher’s certificate revocation
- Check for server certificate revocation*
GPO Policy
Setting the following options through GPO policy and applying to all the users ensures that these changes are updated in the next registry modifications in the servers:
- For Check for publisher´s certificate revocation:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
- Default setting: 0x00023c00 (166432)
- After manually setting disabled: 0x23e00 (146944)
- After applying the GP preference settings: 0x002c9 (713)
- For Check for server certificate revocation*:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
- Certificate Revocation Dword Key == 0
Once this is done, the application does not attempt to verify the certificate and the time out is not reproduced.
This document applies to:
- Feature Pack 1 for Presentation Server 4.5
- Presentation Server 4.0 for Microsoft Windows 2000
- Presentation Server 4.0 for Microsoft Windows 2003
- Presentation Server 4.0 x64 Edition
- Presentation Server 4.5 for Windows Server 2003
- Presentation Server 4.5 for Windows Server 2003 x64 Edition
- XenApp 5.0 for Windows Server 2003 x64
- XenApp 5.0 for Windows Server 2003 x86
- XenApp 6.0 for Windows Server 2008 R2
- XenApp 6.5 for Windows Server 2008 R2
