Jump to content
Welcome to our new Citrix community!

Microsoft RDS 2016/2019 HTML5 Webclient problem


Recommended Posts

Hi,

I have a virtual Netscaler (firmware NS13.0.36.27.nc) for securely publishing my Microsoft RDWEB (Remoteapps & Remotedesktops) to the Internet. It was configured after the best practice documentation and works fine with the old webclient (https://[external name]/RDWeb/Pages), when .rdp files are being downloaded. 

 

Yesterday I implemented the new HTML5 Client, following these instructions: https://www.tech-coffee.net/deploy-a-windows-server-2019-rds-farm-with-html5-client/

The new client is reachable https://[name]/RDWeb/Webclient and works fine if accessed internally, or if I publish it via NAT over the firewall. It doesen't work when it is being published over Netscaler!

 

I attached the console error logs from the html5 client. The error message led me to the technet forums, where I found someone with similar symptoms but no solution: https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Fsocial.technet.microsoft.com%2FForums%2Fwindowsserver%2Fru-RU%2F96e72f2e-f26f-4057-9835-b414403fe468%2Frds-webclient%3Fforum%3Druwinserver2016

 

Someone with a nginx reverse proxy also had that problem, that was the solution for him (Source: http://ydtyjku.blogspot.com/2019/06/win-server-2019-rds-html-5-web-client.html):

"I finally figured it out while fixing another issue: the issue was caused by an overly restrictive Content-Security-Policy header added by the nginx reverse proxy.

 

Before, the header only had default-src; now it has image-src and media-src to allow data: and blob: data types. This is the header that is working currently (probably overly permissive, but it works until we can review it further):

 

default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob:"

 

Is there something similar to configure in Netscaler? Somehow allow image-src, media-src and blob data types?

 

RD Console Logs.txt

Link to comment
Share on other sites

Hi,

 

how did you publish your RDWeb HTML5 Portal, via LoadBalancing or Content Switching (if content switching, please check if your expression includes all needed FQDNs or sitepath's)

 

also what I see in your log is: 

 

2019-07-11T09:21:20.445Z Core telemetry event: eventName=ConnectionException, traceMessage=An exception has occurred. Details: disconnect code=ConnectionBroken(8), extended code=<null>, reason=WebSocket closed with code: 1006 reason: 
 Thrown in thread 396952 at:
    websockettransport.cpp(330)

 

So maybe there is a problem with http websockets, again. Take a look at https://blogs.serioustek.net/post/2014/10/04/load-balancing-remote-desktop-gateway-with-citrix-netscaler-part-2-aspx and check if you enabled websockets at your setup in NetScaler.

 

Another Option, because of HTML5, could be TLS Versions and Cipher Suites. I would test some older TLS Versions and Cipher Suites with different browsers.

 

Regards

Julian

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...