We manage a Citrix farm where users primarily launch a full desktop environment. From there, they can also connect to other applications running in Citrix Silo’s or access external Citrix farms. As an user environment manager (UEM), we utilize Ivanti Workspace Control (IWC).
When a user logs onto the primary desktop, the endpoint hostname is utilized by Ivanti Workspace Control within that session. Based on the endpoint hostname, we can set specific configurations using features like “location and devices”. In a double-hop scenario, where a user launches a Citrix published application or another Citrix desktop from within the primary session, the hostname of the primary session server is used as the hostname in the secondary session.
In our environment, where many configurations and settings depend on the endpoint being used, this can be challenging. In the secondary session, we are unable to determine the original endpoint hostname. Luckily, Citrix provides a solution for these kinds of scenarios. By modifying two registry keys within the first hop, the hostname of the initial endpoint is passed through to the second hop.
CTX239561 : Client name not passing through in a double-hop scenario
This works like a charm. With these registry keys in place, not the sessions server hostname, but the actual endpoint hostname is visible in the secondary session.
Not long after we applied this registry change, several users started complaining that they were not able to launch a Citrix passthrough session. To clarify, they could launch the Citrix session, but Ivanti Workspace Control reported that the user already had a running session and wasn’t allowed to launch a second one.
This was somewhat unusual; although the majority of our users are only allowed to launch one Citrix session at a time, passthrough sessions should always be possible.
Within Ivanti Workspace Control, we had the ‘User Session‘ option enabled, which prevents users from signing in more than once. However, the ‘Always Allow Passthrough Sessions’ option was also enabled. Normally, a Citrix Passthrough session does not require an Ivanti Workspace Control license and is reported as ‘passthrough’ within ‘User Sessions.
Because we modified the Citrix registry keys to pass through the original client name to the passthrough session, Ivanti Workspace Control detects this as a unique session. This occurs because the user session is determined based on the endpoint hostname.
So be aware, when using this Citrix modification to passthrough your client name, depending on your Ivanti Workspace Control configuration, this might cause an unwanted side effect! A solution could be to disable ‘User Sessions’, allowing all users to launch ‘multiple’ sessions. However, this will consume additional Ivanti Workspace Control licenses.
Based on this finding, Ivanti has also created a knowledge base article, which explains how this works.
HOWTO pass through client name in Workspace Control in a double hop scenario