Microsoft Edge on Server 2019/2016 (and Citrix)

KB ID 0001657

Problem

In a fit of lunacy Microsoft have called ‘their’ new browser Microsoft Edge, so we can spend the next few months confusing it with Edge. Plus every Google search for GPO settings, error messages etc will all now show search results for the old Edge Browser not the new Microsoft Edge browser! Perhaps the same doofus at Microsoft who called the Exchange sync Active Sync when Microsoft already had a product called Active Sync was involved?

Anyway I got a request from a client this week to have Microsoft Edge on their Citrix environment, there was some confusion (imagine that), because Edge does not work on server 2016, (and it’s not shipped as part of server 2016), but would Microsoft Edge work?

Installing Microsoft Edge on Server 2019/2016 (With IE11)

Why is Internet explorer still alive? Anyway If you want to install Edge on a modern Windows server firstly ensure you are fully up to date with updates! Then open IE. Internet Options > Security > Custom > Scripting > Enable Active Scripting > OK > Yes > Apply > OK.

 Then go to https://www.microsoft.com/en-us/edge/business and install it manually.

Microsoft Edge on Server 2019/2016

The first test was, ‘would it run on Server 2016’, it detected the OS as Windows 10 (unsurprisingly), and installed fine;

Microsoft Edge on Remote Desktop Services

Well Citrix is really just Remote Desktop Services in a leather jacket, so the next test was,’ would it work in RDS?’ I span up an RDS farm on the bench, and was pleased to see I could select Microsoft Edge as a RemoteApp, (not that I needed to deploy it using RemoteApp, but it being detected was promising).

And in an RDS session it worked faultlessly.

Deploy Microsoft Edge on Citrix (Server 2016)

Here’s where we had a problem, it installed fine, but every time I went to open it, all I got was a ‘white screen’ for about 5 minutes, after this it burst into life, which I couldn’t really ask the client to put up with!

As this was happening when I launched the browser I ‘wrongly’ assumed it was a ‘first run‘ problem (for the uninitiated, previous Microsoft browsers got an annoying ‘how do you want to set the browser up’ routine, then finally dumped you on the MSN webpage, (does anyone actually use the MSN webpage?) While it didn’t cure my problem it’s worth mentioning how I stopped the first run dialog happening);

Controlling Microsoft Edge with Group Policies

If you are used to importing ADMX and ADML files then this will be a breeze to you. If you are really interested I cover the subject in great deal in the following post;

Setup up a Central ‘PolicyDefinitions’ Store (for ADMX files)

Essentially download the latest msedge.adml and msedgeupdate.adml files and (on a Domain controller,) copy them to;

[box]

C:\Windows\SYSVOL\{domain-name}\Policies\PolicyDefinitions\en-US

[/box]

Note: Other Input locales are available, my servers are using English (US).

Then copy the msedge.admx and msedgeupdates.admx files to;

[box]

C:\Windows\SYSVOL\{domain-name}\Policies\PolicyDefinitions

[/box]

Microsoft Edge Stop ‘First Run’ With Group Policy

The two policies I used are both located at;

[box]

Computer configuration > Policies > Administrative Templates > Microsoft Edge

[/box]

Microsoft Edge: Stop Importing of Bookmarks/Favourites

Locate: ‘Automatically import another browser’s data and settings at first run‘ > Enable the policy, and select ‘Disable automatic import and the import section of the first run experience is skipped‘ > Apply > OK.

Microsoft Edge: First Run

This will disable the entire first run dialog;

Locate: ‘Hide the First-run experience and splash screen‘ > Enable the policy > Apply > OK.

Then either wait or force a policy refresh.

Deploy Microsoft Edge on Citrix

As it was working in RDS and not working on Citrix, then the problem was probably Citrix*. Citrix is one of my weaker subjects, so credit for the actual fix should go to my colleague (Dan Brookes). 

*After I had discounted existing group policies, and other installed applications.

Running Microsoft Edge while it was ‘hanging’ and looking at what was going on in ‘Process Monitor’ showed a lot of hook64.dll entries;

This pointed to the culprit, open the registry Editor (regedit) and navigate to;

[box]

HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > CtxUvi

[/box]

Locate the UviProcesExcludes REG_SZ value, edit it and add ‘msedge.exe;‘ to the end.

Theres probably one service you can restart, but I simply rebooted the server, (problem solved).

FSLogix and Microsoft Edge

If you are running FSLogix you should also add an ‘exclusion’ to the Redirections.xml file, (located in your \\{domain-name}\NETLOGON folder).

[box]

<Exclude>AppData\Local\Microsoft\Edge Dev\User Data\Default\Cache</Exclude>

[/box]

 

Related Articles, References, Credits, or External Links

Microsoft Edge (macOS) Migrate Bookmarks from Safari

Citrix: mac OSX ‘You have chosen not to trust…’

KB ID 0001520

Problem

After a colleague deployed Citrix for a customer the other day, they complained that they had a mac user that was getting certificate errors. They had a publicly signed wildcard certificate, but this user was still having problems.

After I  heard a few “tell him to stop using a mac” comments, I said, “I’m using a MacBook here, would you like me to test it?” The URL opened fine in Safari, and the certificate looked good (all green), I was prompted to install the Citrix receiver, and was presented with a session to open, when I did so, I got this;

You have chosen not to trust {Certificate-Name} the issuer of the servers security certificate.

Solution

Head over to https://www.sslchecker.com and put your Citrix URL in and check it, I found this. So I downloaded the two certificates it said I was missing.

Note: For someone who works with certificates, this makes no sense, (as I got to the portal without an error). I had to trust the root CA, and its intermediate CA, (what’s being called a Chain Cert below). But I thought I’d play along to see what happened.

‘Double Click’ each downloaded certificate, then choose ‘Add’, (repeat for each certificate in the chain).

Close any open Citrix receiver sessions, restart you browser, and try again.

Related Articles, References, Credits, or External Links

NA

Citrix NetScaler – Simple HTTP Site Load Balancing

KB ID 0001188 

Problem

Here is the simplest load balancing scenario I can think of, I’ve got two web servers, (on http port 80) and I’m presenting them though my NetScaler as an HTTP (Virtual Server).

 

Solution

First we add the ‘back-end’ servers. Connect to the management IP of your NetScaler and login > Configuration > Traffic Management  > Load Balancing > Servers > Add.

Define a name for the first server and enter its IP address > Create.

Repeat to add the second internal web server. 

Now I’m going to group these servers together in a ‘service group’, (you don’t have to, you can present them individually to the virtual server you will create in a minute if you prefer). Configuration > Traffic Management  > Load Balancing > Service Groups > Add.

Name the group and set the protocol to HTTP  > OK.

When created, you will see it says ‘No Service Group members’  > Click there.

Select ‘Server Based’ > Click the search arrow.

Tick them all > Select.

Set the port (HTTP is TCP port 80) > Create.

OK.

Now we need to add a monitor, this is what the NetScaler will use to monitor the service availability of your ‘back-end’ servers on TCP port 80 (HTTP). Click Monitors.

This confused me for a while, selecting things on the right, drops them at the bottom of the main page > Click ‘No service Group Monitor Binding’.

NetScaler has a monitor for http pre-configured, so I’m going to use that > Click the search arrow.

Click ‘http’  > Select.

Bind.

Done.

Now we tie all that together in a ‘Virtual Server’ > Configuration > Traffic Management  > Load Balancing > Virtual Servers > Add.

Give the Virtual Server a name > Protocol is HTTP > Specify the IP address (this will be the VIP the NetScaler presents to the outside world)  > Port 80 > OK.

Now we need the add the group we created earlier, click where it says ‘No load balancing Virtual Servers Service Group Binding’.

 

Click the search arrow.

Click the group you created earlier > Select.

Bind.

Continue.

Done.

Save your hard work.

You should be green across the board.

To test this I put a different web ‘welcome’ page on both of the servers, that way as I refresh the page I can see that the NetScaler is doing its job and balancing the requests across both back-end web servers.

 

Related Articles, References, Credits, or External Links

NA