Jump to content
Welcome to our new Citrix community!

EPA fails after Chrome and Edge version 98 upgrade


Recommended Posts

We are having this same issue as soon as we update to v98 as well.  The more frustrating thing is that I was able to view the article: https://support.citrix.com/article/CTX339975, But after I closed and reopened my browser, It now shows that the content is restricted.  There was a referenced registry key that I was going to attempt to add, but now I can't view it any longer.

 

Please let us know if anyone has a fix for this.

  • Like 1
Link to comment
Share on other sites

We haven't been able to find a workaround. But the content of the solution that they posted is here:

 

Solution

Engineering has identified the issue and working on fix. Jira ID: NSHELP-30641. 

Workaround:

1. Windows 

- We can add below registry key as a workaround for Chrome.

Under the below location add a string type key 1 with value [*]localhost:[*] to allow localhost networks from Chrome.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\InsecurePrivateNetworkRequestsAllowedForUrls

More details about the registry changes are available at https://chromeenterprise.google/policies/#InsecurePrivateNetworkRequestsAllowedForUrls 

- Use Edge or Firefox. 

2. MacOS

Add the exception to com.google.Chrome.plist file.

Here are the steps to do from command line.

Take a backup of the file (~/Library/Preferences/com.google.Chrome.plist)

a. Close all Google Chrome windows and quit the app.
b. Open Terminal.
c. Type the below commands :

defaults write com.google.Chrome InsecurePrivateNetworkRequestsAllowedForUrls -array https://corporate_vpn_fqdn.com;

defaults read ~/Library/Preferences/com.google.Chrome.plist

d. Reopen Chrome and try

  • Like 1
Link to comment
Share on other sites

I read the article CTX339975 on Friday too but it is not accessible now. Why would Citrix removed it?

 

My Edge has stopped working too and the registry hack workround provided in the article didnt work for me (Windows 10). This is going to massively impact my users come Monday morning!

Link to comment
Share on other sites

For Microsoft Edge, we got it working by adding this to the registry:

 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge\InsecurePrivateNetworkRequestsAllowedForUrls]
"1"="https://VPN.CONTOSO.COM"

 

Things to keep in mind:
1) The browser must be restarted after adding that.

2) If nespa.exe is already running it must be shutdown

 

We also noticed that while some users have modify permissions to that area of the registry, some do not which means elevating permissions and adding it using the HKU hive, because once you elevate HKCU is the administrator account you used to elevate. 

Link to comment
Share on other sites

After some testing, I was taking the Citrix registry entry from Citrix and Denys at face value which would not work for me.  I feel a bit dumb for doing that.

 

I had to create the String Entry 1 as the actual website in use.  So you need to use https://your.webpagehere.com instead of actually using [*.]localhost:[*.] per Citrix, or https://VPN.CONTOSO.COM. per Denys.  Hopefully this helps someone who could not get the registry key to work.  This also works at the HKEY_LOCAL_MACHINE level as well for both Chrome and Edge.  

 

Still keeping my eyes open for Official Citrix fix.

Link to comment
Share on other sites

Here is a proper workaround lads:
1. Add a DWORD InsecurePrivateNetworkRequestsAllowed with value 1 under hkcu\software\policies\google\chrome\
2. Add KEY InsecurePrivateNetworkRequestsAllowedForURLs under  hkcu\software\policies\google\chrome\ 
3. Add a STRING named 1 with value:  [*]localhost:[*] under  hkcu\software\policies\google\chrome\InsecurePrivateNetworkRequestsAllowedForURLs

4. Close and open Chrome again

 

Same applies for Edge, just use hkcu\software\policies\microsoft\edge 

 

 

 

 

 

 

Chrome.PNG

edge.PNG

Link to comment
Share on other sites

  • 2 weeks later...

Looks like a fix is released by Citrix - EPA fails after Chrome/Edge version 98 update (citrix.com)

 

The fix is in an EPA Plug-in which only supported in 13.x and above. I am using 12.1 and only support EPA Libraries. It will error when I tried to upgrade the plug-in on 12.1.

 

Also, I have used WinSCP to upload the new nsepa_setup.exe (22.2.1.103) to the Netscaler file location. It will download and I installed it on Chrome but still doesn't work.

 

Anyone else got this working 100%?

 

p/s When you do get it working on Chrome, make sure you restart your device, not just Chrome. After a restart, it stopped working. Happened to me and my colleague during testing!

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...