You do not have the proper encryption level to access this Session with HTML5 Receiver

16 Jan

So at the moment we’re testing a lot of new devices in combination with our XenApp 6.5/NetScaler infra, which ofcourse is a lot of fun. I ran into this problem, which I thought was poorly documented. So there we go…. You get the well known error “You do not have the proper encryption level to access this Session” when firing up your app. using the new HTML5 receiver (eg. with Chrome or Opera or Firefox).

xa65-html5test-4

To start with a disappointing message: There isn’t really a nice way to fix this issue (yet). The Citrix product management has confirmed to a supporting partner of ours that 128-BIT (RC5) encryption isn’t supported now and in the near future. The HTML5 Receiver only supports BASIC encryption. So you have a choice to make: Are you going to reduce the security of your complete farm (set basic authentication for all your apps and in your policies). Or are you going to reduce just one or a few apps (and accept these apps can only be started with the HTML5 receiver, and will result in encryption errors if they are started with any other receiver). In our case we chose the latter. We’re configuring just one application with basic authentication and created an exception on the SecureICA policy based on the HTML5-Receiver client name.

xa65-html5test-1

If you have a look at the picture above you’ll notice that the clientname of the connected client is HTML5-Receiver. We fired up several clients at the same time and they all got the same clientname. So we created a policy that configures Basic encryption on the HTML5-Receiver client name

xa65-html5test-2

You need to modify your published app. And change 128-BIT RC5 encryption to Basic encryption.

xa65-html5test-3

This can also easily be done with PowerShell.

Get-XAApplication -Name "Microsoft Word 2010 HTML5TEST" |
Set-XAApplication -EncryptionLevel 1 (basic encryption) -EncryptionRequired 0 (min. requirement)

The command above just does it for the app you want to configure. If you choose to lower the security of your complete farm just replace the app.name with *. After configuring your app will run like a charm.
But to say it’s a nice solution. Nah! Hope Citrix will implement encryption in the Citrix HTML5 Receiver sooner than later.

xa65-html5test-5

Good luck!

Comments

Leave a Reply