Product documentation
Citrix Workspace app for Windows
2409.10-Current Release 2402 LTSR 2203.1 LTSR 1912 LTSR
View PDF

About this release

January 21, 2025
Contributed by: 
S M V

Learn about new features, enhancements, fixed issues, and known issues for Citrix Workspace app for Windows.

Note:

  • Looking for features in Technical Preview? We have curated a list so that you can find them in one place. Explore our Features in Technical Preview page and share your feedback using the attached link.
  • The Workspace UI updates with new features regularly. For more information about the new features on Workspace UI, see What’s new for Workspace UI.

What’s new in 2409.10

This release addresses a few issues that help to improve overall performance and stability.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 131.1.1.32, based on Chromium version 131. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Fixed issues in 2409.10

  • Feature flag might not be retrieved when running in emulator mode on the Windows ARM64 operating system. [RFWIN-37184]
  • You might notice that the Connection Details icon text is truncated. [HDX-73562]
  • When using seamless apps, the wfica32.exe process might exit unexpectedly and the session might fail. [CVADHELP-26242]

  • You might fail to access the store from Citrix Workspace app using an email address and receive the following error message:

    “This store doesn’t exist. Please retry or contact support.”

    This issue occurs when the StoreFront store is set as the default site or when you use a load balanced store URL. [CVADHELP-27178]

Known issues in 2409.10

There are no new known issues in this release.

Note:

For a complete list of issues in the earlier releases, see Known issues.

Earlier releases

This section provides information about the new features and fixed issues in the previous releases that we support as per the Lifecycle Milestones for Citrix Workspace app.

2409.1

What’s new

This release addresses a few issues that help to improve overall performance and stability.

Fixed issues

  • You might notice that printers do not map to the session, causing users to fail to print from published apps using locally installed printers. This issue occurs in Citrix Workspace app for Windows version 2409. [HDX-73816]

2409

What’s new

Note:

  • The minimum required version of .NET Desktop Runtime is 8 for Citrix Workspace app for Windows 2409.

Support for Windows 11 24H2

Citrix Workspace app for Windows 2409 provides support for the Windows 11 24H2 release. This ensures a smooth transition for users upgrading to the latest Windows version and allows them to continue using Citrix Workspace app without any disruption.

Note:

The Enable MPR notifications for the System policy in the Group Policy Object template must be enabled to support the domain pass-through (single sign-on) authentication feature on Windows 11. By default, this policy is disabled on Windows 11 24H2. So, if upgraded to Windows 11 24H2, you must enable the Enable MPR notifications for the System policy.

Feature flag management

Citrix is changing the way that it manages feature flags, allowing access to preview features and enabling dynamic management of features in production. To ensure optimal functioning of features that are under feature flags, you need to enable traffic to the URL features.netscalergateway.net.

For more information, see Feature flag management.

Single sign-on support for Edge WebView when using Microsoft Entra ID

Previously, when using Entra ID, authentication failed for Citrix Workspace app. With this release, Citrix Workspace app supports single sign-on (SSO) for Edge WebView when using Entra ID for authentication.

You can enable this feature using the UI or through Group Policy Object (GPO).

For more information, see Single sign-on support for Edge WebView when using Microsoft Entra ID.

Enhanced virtual desktop screen resizing experience

Starting with the 2409 version, Citrix Workspace app for Windows ensures a smooth transition and prevents dark screens and flickers when resizing or stretching your virtual desktop screen. This feature is enabled by default.

For more information, see Enhanced virtual desktop screen resizing experience.

Enhanced desktop launch experience

Starting with version 2409, Citrix Workspace app for Windows ensures an enhanced desktop launch experience. You experience a seamless, flicker-free transition to your desktop without intermediate screens. The app also eliminates dark screens and flickering during resizing or stretching, providing a stable and modern interface. This feature is enabled by default.

Enhanced launch

For more information, see Enhanced desktop launch experience.

Enhancement to sustainability initiative

With this release, the sustainability initiative from Citrix Workspace app is enhanced to include the following extra keywords:

  • ICA-Title="sample title": The sample title is shown as the title. It’s recommended to limit the title character count to 30.
  • ICA-Icon=true: The green-leaf icon is shown. If set to false, the green leaf icon is hidden.

Example:

KEYWORDS: ICA-LogOffOnClose=true ICA-PromptMessage="Do you want to sign out from the session?" ICA-Title="Logout or disconnect" ICA-Icon=true
<!--NeedCopy-->

Note:

With this enhancement, if old keywords are detected, the behavior reverts to the default behavior.

For more information, see the Sustainability initiative from Citrix Workspace app section.

Streamlined beacon checks

With this release, you can now use a single internal beacon to determine the network location, eliminating the need for both external and internal beacons. This feature reduces dependencies, enhances reliability, and improves the end-user experience.

.NET requirements

Citrix Workspace app for Windows now requires .NET Desktop Runtime 8.0 (8.0.4 or later). If the endpoint updates the .NET Desktop Runtime, any .NET Core-based app running at the time of the update might exhibit inconsistent behavior. To mitigate this issue, Citrix Workspace app restarts itself. Users receive the following notification once the restart is complete:

.Net update restart

Any active sessions continue to work.

For endpoints with .NET 8.0.10 or later, see Knowledge Center article CTX692228.

For more information see, .NET requirements.

SOCKS5 proxy support for EDT

Previously, Citrix Workspace app only supported HTTP proxies operating on TCP. However, SOCKS5 proxy functionality was already fully supported within the Virtual Delivery Agent (VDA). For more information on VDA support, see the Rendezvous V2 documentation.

With this release, Citrix Workspace app now supports SOCKS5 proxies for Enlightened Data Transport (EDT), enhancing compatibility with modern enterprise network configurations.

Key benefits:

  • Expanded proxy compatibility: Connect seamlessly through SOCKS5 proxies, widely used by enterprise networking teams for their support of both TCP and UDP traffic.
  • Improved EDT performance: Use the full benefits of EDT (UDP-based) for optimized data transfer within Citrix Workspace app sessions.

For more information see, SOCKS5 proxy support for EDT.

Customization of Desktop Viewer toolbar

With this release, you can customize the options on the Desktop Viewer toolbar using the Global App Configuration service, Group Policy Editor, or any third-party endpoint management software capable of pushing Windows registry keys.

For more information see, Customization of Desktop Viewer toolbar,

Remember USB connections

This feature enhances the user experience when remoting USB devices to a Citrix Virtual Apps and Desktops session. While auto-redirection supports using device rules exists, this feature simplifies the process by remembering manually requested connections and reconnecting them with minimal configuration.

For more information see, Remember USB connections.

Disabling the “Exiting Full Screen Mode” tip prompt

Starting with Citrix Workspace app for Windows 2409, you can suppress the “Exiting Full Screen Mode” tip prompt that appears during HDX sessions using the Registry Editor.

For more information see, Disabling the “Exiting Full Screen Mode” tip prompt.

Support for WebHID API in UCSDK

Starting with the 2409 version, Citrix Workspace app for Windows supports the WebHID API to redirect Human Interface Device (HID) from an endpoint to Unified Communication SDK (UCSDK) integrated app on the VDI. It complies with the HID standard for bi-directional communication between the app that is integrated with UCSDK and the HID devices connected to the endpoint. With this feature, your UCSDK app interprets the HID headset commands such as Call accept, reject, mute, or unmute and so on in the HDX session for an enhanced user experience. This feature is enabled by default.

For more information see, Support for WebHID API in UCSDK.

Support for TLS protocol version 1.3

Starting with this release, Citrix Workspace app supports the Transport Layer Security protocol (TLS) version 1.3.

Note:

This enhancement requires VDA version 2303 or later.

This feature is disabled by default.

For more information, see Support for TLS protocol version 1.3.

Disabling TLS 1.0 or 1.1 communication protocols

Starting with Citrix Workspace app for Windows 2409, the use of TLS 1.0 or 1.1 communication protocols is no longer enabled nor supported by default. This change enhances security by removing deprecated and potentially insecure protocols.

Benefits:

  • Enhanced Security: Disabling outdated protocols reduces the risk of security vulnerabilities.
  • Compliance: Aligns with industry standards and recommendations, such as RFC 8996.

Default audio device selection

Starting with the 2409 version of Citrix Workspace app, you can now select your preferred audio devices directly from the Preferences section. This feature allows for the splitting of audio devices across different VDA (VDAs) and monitors, providing a more customized audio experience.

For more information, see Default audio device selection.

Virtual Channel Plugin Manager

The Virtual Channel Plugin Manager can detect when the end-user on the VDA launches a third-party application (for example, New Microsoft Teams), check if its respective VDI plug-in is already installed on the endpoint, and prompt the user to install the plug-in if it is not.

For more information, see the Virtual Channel Plugin Manager documentation.

Connection Strength Indicator on Desktop Viewer toolbar

Starting with version 2409, Citrix Workspace app for Windows now supports the Connection Strength Indicator (CSI) on the Desktop Viewer toolbar. This feature displays a network strength icon that alerts you of network issues. You can click the indicator to view real-time connection statistics for the client and VDA, and copy diagnostic information to share with IT for advanced troubleshooting.

Benefits:

  • Immediate feedback: The network strength icon gently nudges users when network issues are detected.
  • Enhanced troubleshooting: Real-time stats and diagnostics help users and IT teams quickly identify and resolve connectivity issues.

For more information, see the Connection Strength Indicator on Desktop Viewer toolbar.

Deprecation of HDX RealTime Optimization Pack for Skype for Business

Starting from the 2409 release, support for HDX RealTime Optimization Pack for Skype for Business is deprecated. As an alternative, you can use HDX WebRTC Optimization for supported applications.

Deprecation of PNAgent-based stores

Starting from the 2409 release, PNAgent-based stores are no longer supported. PNAgent support was officially deprecated in the 2403 release. For more information, see the Deprecation table.

Note:

We recommend connecting through StoreFront using a store URL instead.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 130.1.1.12, based on Chromium version 128. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Technical Previews in 2409

  • Enable Audio Quality Enhancer to improve audio performance

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • The ADDLOCAL command to install the End Point Analysis (EPA) client might fail. [CVADHELP-26132]

  • As part of periodic polling or network refresh, when enabling or disabling a published resource in Citrix Studio, the SelfService UI does not refresh as expected. As a result, you might notice inconsistencies between the actual state and the displayed state of the published resources. [CVADHELP-26065]

  • You might fail to customize Citrix Workspace app using the App Personalization service. This issue occurs in Citrix Workspace app version 2405 or later. [RFWIN-36015]

  • You might fail to sign in to Citrix Workspace with Workspace Environment Management (WEM) tool hub when you use Active Directory and token for authentication. [CVADHELP-25836, RFWIN-35974]

  • When Plug and Play (PnP) is enabled, you might fail to switch webcam from the apps that shows only one camera with a generic name “Citrix HDX Web Camera.” [HDX-69731]

  • When a new user starts the virtual desktop for the first time, the session window appears small. Also, the window is placed in the upper left of the screen. The issue is observed on certain display devices with high DPI, such as the Microsoft Surface Pro. [HDX-62297]

  • The keyboard might fail to respond in a Citrix-published application after you unlock or switch out of a screensaver on the endpoint. [CVADHELP-25613]

  • Bidirectional Content Redirection might fail to bring the local web browser window to the foreground when clicking a URL link in a published application. [CVADHELP-24630]

  • You might notice that the audio device was not recognized if unplugged and replugged during a VDA session, requiring client reconnect for the device to be recognized. [CVADHELP-26125]

  • When you use published apps and desktops, you might experience that the session stops responding followed up by the Citrix HDX error. [CVADHELP-26118]

  • After enabling the device posture, you might be prompted for authentication during each periodic refresh until you successfully authenticate. [CVADHELP-26014]

  • After upgrading to Citrix Workspace app for Windows 2402, the default audio and communication devices might not work as expected. [CVADHELP-26044]

  • When moving an application window between monitors with different DPI values, you might experience double scaling or descaling, which can cause the published app to display black screens and graphical artifacts. [CVADHELP-26024]

  • The wfica32.exe process might exit unexpectedly and might cause session disconnections. [CVADHELP-26012]

  • The wfica32.exe process might exit unexpectedly and this issue occurs intermittently. [CVADHELP-24886, CVADHELP-25934, CVADHELP-25769]

  • You might notice that the first copy operation fails, requiring you to copy twice during the ICA session when using Citrix Workspace app for Windows version 2405.10. This issue occurs when the Client clipboard write allowed formats policy is configured with Restrict client clipboard write. This issue occurs on the Citrix Workspace app for Windows version 2405.10. [CVADHELP-26224]

  • The wfica32.exe process might exit unexpectedly. This issue occurs randomly on the Citrix Workspace app for Windows versions 2402.1–2405.1. [CVADHELP-26234]

  • You might fail to scan from published apps and desktops when using Citrix Workspace app 2405.10. [CVADHELP-26390]

  • When Generic USB remoting is used on a system where Citrix Workspace app and Trellix Data Loss Prevention (DLP) are installed, the audio and video device might fail both locally and in the published app or desktop. To enable the fix, set the following registry key on the endpoint:

    • HKLM\SOFTWARE\Citrix\ICA Client\GenericUSB
    • Name: CompareFilterDriverName
    • Type: DWORD
    • Value: 1

    [CVADHELP-24904]

  • The URL of the DNS request made by the client is truncated and you might fail to open virtual apps and desktops. This issue occurs when the DnsResolutionEnabled parameter is set to True in DDC. [CVADHELP-24945]

  • You might notice that the published apps and desktops are opened from the untrusted sites even though the Enforce trusted server connections feature is configured. [CVADHELP-25346,CVADHELP-24963]

  • When Citrix Workspace app uses Fast connect 3 credential insertion API for authentication, you might notice that the apps and desktops corresponding to the previous user are loaded. [CVADHELP-24011]

  • You might observe that the wfica32.exe process might stop responding when accessing certain apps in a double hop scenario after upgrading the first hop Citrix Workspace app version to 2402. [CVADHELP-26061]

  • On Windows 11 machines, when attempting to return to the open Epic windows, they might appear open in the taskbar but do not display the actual Epic environment window. [CVADHELP-26225]

  • Store addition might fail for email-based stores that use HTTP redirection. [CVADHELP-26248]

  • When generating an ICA file using Storebrowse.exe, you might notice that published app names with non-ASCII characters lose some content under [ApplicationServers]. This issue occurs on Citrix Workspace app for Windows versions 2309 and later. [CVADHELP-26655]

  • The installation might fail midway when updating Citrix Workspace app using the /CleanInstall command if App Protection is running. With the fix, you receive the following error message at the beginning of the installation:

    AppP clean install prompt

    It is recommended to either uninstall Citrix Workspace app first or upgrade without using the /CleanInstall if App Protection is already running.

    [APPP-3818]

2405.12

What’s new

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 128.0.6613.120. This upgraded version includes fixes for known security vulnerabilities.

Fixed issues

This release addresses a few issues that help to improve overall performance and stability.

2405.11

What’s new

Note:

The Enable MPR notifications for the System policy in the Group Policy Object template must be enabled to support the domain pass-through (single sign-on) authentication feature on Windows 11. By default, this policy is disabled on Windows 11 24H2. So, if upgraded to Windows 11 24H2, you must enable the Enable MPR notifications for the System policy.

This release addresses a few issues that help to improve overall performance and stability.

Fixed issues

Session launch might fail when the anti-keylogging feature of App Protection is enabled. This issue occurs only on Windows 11 24H2. [CVADHELP-26231]

2405.10

What’s new

Note:

The minimum Microsoft Visual C++ Redistributable version required for Citrix Workspace app for Windows 2405.10 is 14.40.33810.0.

This release addresses issues that help to improve overall performance, security, and stability.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 126.1.1.23, based on Chromium version 126. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Fixed issues

  • The enhanced domain pass-through for single sign-on feature might not support Windows 11 22H2. For more information, see Enhanced domain pass-through for single sign-on documentation. [HDX-63918]

  • You might fail to sign in to Citrix Workspace with Workspace Environment Management (WEM) tool hub when you use Active Directory and token for authentication. [CVADHELP-25836],[RFWIN-35974]

  • You might fail to add Citrix Gateway URL using Storebrowse and might fail to open sessions when using EPIC WarpDrive. This issue occurs due to case sensitivity of the Storebrowse process name given while creating. [RFWIN-35687], [CVADHELP-25736]

  • When Citrix Workspace app uses Fast Connect 3 Credential Insertion API for authentication, you might notice that the CtxCredApi.dll, which is used to inject credentials in SSON server, is present only for x64 systems. As a result, you might not be able to use the CtxCredApi.dll when running on x86 apps. [RFWIN-35818]

  • Browser Data Encryption might not work if the user data isn’t stored on the same drive where the OS is installed. [DATAP-896]

  • Copying files from a virtual session and pasting it to your local system doesn’t work after upgrading Citrix Workspace app to 2405 version. [CVADHELP-26010]

  • You might fail to open apps and desktops and might get a connection timeout error. This issue occurs in Citrix Workspace app for Windows version 2405. [CVADHELP-25900]

  • You might fail to add Citrix Gateway URL using Storebrowse and might fail to open sessions when using EPIC WarpDrive. This issue occurs due to case sensitivity of the Storebrowse process name given while creating. [CVADHELP-25736]

  • The App Protection USB Filter Driver exclusion list might not work when configured using GACS. [APPP-3229]

2405

What’s new in 2405

Compatibility with the higher versions of .NET

Citrix Workspace app for Windows version 2405 is compatible with the higher versions of .NET that are supported on your system. To ensure this compatibility, Citrix Workspace app follows these installation rules:

  • If .NET 6.0.20 or any supported higher version of .NET is installed on the system, Citrix Workspace app does not install any additional .NET versions.
  • If.NET isn’t installed on the system or a version less than 6.0.20 is installed on the system, Citrix Workspace app installs .NET version 6.0.25.
  • If you install any supported higher version of .NET, Citrix Workspace app is compatible with the highest available .NET version. For example, you can install .NET 8.x and uninstall .NET 6.0.25. In this case, Citrix Workspace app uses the .NET 8.x version.

Single sign-on support for ARM64-based devices

From this 2405 release, Citrix Workspace app for Windows supports the single sign-on feature on the ARM64-based devices. For more information on single sign-on, see the Authentication page.

New Add-ons and packaging

From Citrix Workspace app for Windows 2405 version, you can choose the following from the Add-on(s) page during the upgrade of Citrix Workspace app:

  • Start App Protection after installation
  • Enable single sign-on
  • Install Microsoft Teams VDI Plugin

You can uninstall the Microsoft Teams Optimization VDI plug-in independent of Citrix Workspace app.

Note:

If a plug-in is already installed on your system, that plug-in option is selected automatically for upgrade. Also, if you don’t have sufficient privileges to download the plug-in, that option won’t be visible on the Add-on(s) page.

Add-ons

Configure store names for your store URL

With this feature, admins can give the stores a user friendly name to recognize. In addition, admins can enable or disable the ability for end users to modify the store name on their Citrix Workspace app.

For more information, see Configure store names for your store URL.

Improved Beacon checker tool

As part of the Configuration Checker utility, Citrix Workspace app allows you to do a beacon test using the Beacon checker tool.

Earlier the Beacon test supported only the ping.citrix.com beacon. Starting from Citrix Workspace app for Windows 2405 version onwards, beacon test works for all the beacons configured in the store added in Citrix Workspace app.

For more information, see Configuration Checker and Beacon test.

Option to prevent endpoint from going to sleep when a session is active

When a user with an active session stays away from the virtual desktop without any mouse or keyboard activity, the endpoint device might go into sleep mode after completing the set time for Windows sleep mode. As a result, the Citrix session might be disconnected and when the user returns to the session, the user might be unable to reconnect to the existing session.

With this release, a new policy named Power Management is introduced to prevent the endpoint devices from going to sleep when a session is active.

For more information, see Option to prevent endpoint from going to sleep when a session is active.

Enhancement to relative mouse

With this release you can restrict the usage of the mouse to the window using the preferences UI available from the toolbar. This enhancement helps you to use the apps that need to monitor mouse movement extending to or beyond the boundaries of the virtual desktop’s screen. These apps include third-party apps or those apps that scroll a view in response to mouse movement. For more information, see Enhancement to relative mouse.

Share system audio

You can now share the audio playing on your VDA with participants in a meeting. Select the Include computer sound option to make your meetings more engaging. This feature is enabled by default. For end users, to use the feature, turn on Include computer sound on before sharing their screen.

Include computer sound

Limitations:

  • Audio cannot be shared using this feature when sharing the screen with RAVE and BCR redirected apps or tabs.
  • This feature is supported only on published desktops.

Upgraded version of WebRTC for the optimized Microsoft Teams

The version of WebRTC that is used for the optimized Microsoft Teams is upgraded.

Support for MJPEG webcams

Starting with the 2405 version, MJPEG webcams are supported in the H264 stream. The webcam performs MJPEG compression internally which provides better image quality and a higher frame rate.

This feature is enabled by default. However, if certain Webcam doesn’t support MJPEG, this feature is disabled.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 124. This upgraded version includes fixes for known security vulnerabilities.

Enhanced System Logs for browser content redirection

With the enhancements to the System Logs, browser content redirection now allows admins to monitor the feature status. For more information, see Browser content redirection.

App Protection support for double-hop scenario

Starting with the Citrix Workspace app for Windows 2405 version, App Protection is supported for the double-hop scenario when installed on a workstation VDA (such as Windows 10 or Windows 11) for a single-session VDA.

The following features are currently supported:

For more information, see App Protection with double-hop scenario.

App Data Protection [Technical Preview]

App Data Protection is a feature that provides enhanced security when using the Citrix Enterprise Browser.

When you are using the Citrix Enterprise Browser enabled with the App Data Protection feature, it protects the following by encrypting them:

  • Auto-fill data
  • Bookmarks
  • Browser cache

  • Browser storage folders

    Note:

    Browser storage folders don’t include user downloads.

  • Cookies
  • History
  • Network cache
  • Password vault
  • Settings

Note:

You can only access the encrypted data by opening them using the Citrix Enterprise Browser.

App Data Protection doesn’t protect the following:

  • Downloaded files
  • Extensions

To configure the App Data Protection feature, see App Data Protection.

Disclaimer:

Browser encryption policies provide device level encryption for data generated through Citrix Enterprise Browser. Please note however that we do not guarantee such device level encryption through Citrix Enterprise Browser will protect any end user device. While we continue to identify and address changes to encryption technology to better optimize our product, we also do not guarantee protection of specific configurations and deployments or for users with elevated privileges.

Limitations
  • If the App Data Protection feature isn’t enabled in the primary store, the App Data Protection will not be enabled for any store. As a workaround, you can limit users to add only one store to your Citrix Workspace app. This ensures that the App Data Protection remains enabled for the connected store always.
  • When App Data Protection is disabled on GACS, the encrypted items (as listed in the preceding section) are deleted.
  • Admin user can access other system users’ cache data through Citrix Enterprise Browser.

For more information, see App Data Protection.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 126.1.1.20, based on Chromium version 126. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Modify the user-agent of Citrix Enterprise Browser

Administrators can now modify the Citrix Enterprise Browser’s user-agent for any internal web or SaaS apps. You can configure this through Global App Configuration service. This feature provides the flexibility to create different variations of the user-agent for Citrix Enterprise Browser, which you can use for various uses.

One such use-case is the ability to restrict the internal web or SaaS apps to open only in Citrix Enterprise Browser. In addition to modifying the user-agent, you need to configure the Identity Provider (IdP) to perform a conditional check that verifies whether the end user is trying to open the app using Citrix Enterprise Browser or a native browser. The IdP opens the app only if end user tries to access it using Citrix Enterprise Browser. This restriction prevents users from accessing sensitive information in these apps from other browsers.

For more information, see Use Case 3c - Restrict apps to Citrix Enterprise Browser by modifying its user-agent.

Additional security restrictions for the Citrix Enterprise Browser

Citrix introduces additional access restrictions to enhance the security and user experience of Citrix Enterprise Browser with Secure Private Access and Global App Configuration service (GACS).

Restrictions managed through Secure Private Access

Copy:

Administrators can enable or disable copying of data from a SaaS or internal web app with this access policy when accessed using Citrix Enterprise Browser. The default value is Enabled.

For more information, see the Copy restriction in the Secure Private Access product documentation.

Paste:

Administrators can enable or disable pasting of copied data into the SaaS or internal web app with this access policy when accessed using Citrix Enterprise Browser. The default value is Enabled.

For more information, see the Paste restriction in the Secure Private Access product documentation.

Personal data masking:

Administrators can use the Personal data masking restriction to mask various types of sensitive information such as credit card numbers, social security numbers, and dates. Also, you have the flexibility to define custom rules for detecting specific types of sensitive information and masking it accordingly. The Personal data masking restriction has the option to fully or partially mask the information.

For more information, see Personal data masking.

Upload restriction by file type:

Administrators can restrict file uploads based on MIME (multi-purpose internet mail extensions) types. Unlike the Uploads policy, which allows you to enable or disable all file uploads, the Upload restriction by file type restriction allows you to enable or disable file uploads for specific MIME types.

For more information, see Upload restriction by file type.

Download restriction by file type:

Administrators can restrict file downloads based on MIME (multi-purpose internet mail extensions) types. Unlike the Downloads policy, which allows you to enable or disable all file downloads, the Download restriction by file type restriction allows you to enable or disable file downloads for specific MIME types.

For more information, see Download restriction by file type.

Printer management:

Enterprises can now prevent the printing of confidential documents and unauthorized data sharing. Admins can configure this policy through Secure Private Access. Admins can configure the behavior for network printers, local printers, and print using the Save as PDF option.

The following options are available for administrators to control access to printers for the end users:

  • Network printers: A network printer is a printer that can be connected to a network and used by multiple users.
    • Disabled: Printing from any network printers in the network is disabled.
    • Enabled: Printing from all network printers is enabled. If printer host names are specified, then all other network printers apart from the ones specified are blocked.

    Note:

    Printers are identified by their host names.

  • Local printers: A local printer is a device directly connected to an individual computer. This connection is typically facilitated through Bluetooth, USB, parallel ports, or other direct interfaces.

    • Disabled: Printing from all local printers is disabled.

    • Enabled: Printing from all local printers is enabled.

  • Print using Save as PDF

    • Disabled: The Save as PDF option for saving the content in PDF format is disabled.

    • Enabled: The Save as PDF option for saving the content in PDF format is enabled.

Note:

  • If the admin has disabled certain printing options, then those options appear grayed out to the end users.
  • End users can’t use the network printer if it is renamed on their device.

Clipboard restriction for Security groups:

In Secure Private Access, administrators can restrict clipboard access to any designated group of apps. These designated groups of apps are created as Security groups in Secure Private Access, so that the end users are permitted to copy and paste contents only within that Security groups. There is also an Advanced option to enable copy and paste contents between Security groups and other local apps on the machines or unpublished web apps.

For more information, see Clipboard restriction for Security groups.

Restrictions managed through the Global App Configuration service

Clipboard restriction:

In GACS, administrators can use the Enabled Sandboxed Clipboard option to manage clipboard access. When you restrict clipboard access through GACS, all content copied from any website accessed within the Citrix Enterprise Browser can’t be pasted outside the Enterprise Browser. Similarly, any content copied from native apps can’t be pasted into any website accessed within the Enterprise Browser.

For more information, see Clipboard restriction.

Audio Capture Allowed:

Administrators can use this setting to enable or disable audio capture access. When an administrator enables this setting, or leaves it unset, users are prompted to allow audio capture access. When an administrator disables this setting, these prompts are turned off, and audio capture is blocked.

For more information, see Audio Capture Allowed.

Video Capture Allowed:

Administrators can use this setting to enable or disable video capture access. When an administrator enables this setting, or leaves it unset, users are prompted to allow video capture access. When an administrator disables this setting, these prompts are turned off, and video capture is blocked.

For more information, see Video Capture Allowed.

Technical Preview

  • Browser Content Redirection and Microsoft Teams Optimization support for ARM64-based devices

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

  • When the ICA-prefix keywords are set for a cloud hybrid session and when a user reconnects to the disconnected desktop, the user might fail to see the prompt that appears to sign out from the desktop session. [WSP-24115]

  • You might fail to add a custom portal store using the group policy editor when the storeAdditionAllowType is set to single in the Global App Config service. [RFWIN-35218]

  • When you enable the VPrefer policy, the apps that require User Account Control (UAC) elevation might fail to open. [RFWIN-35169]

  • When the NetScaler Gateway store is configured through the command line or Group Policy Editor, you might not be able to sign in to the store and might get the following error message:

    “Unable to connect to the Server check your network connection” [RFWIN-35180]

  • You might be able to click the resources in Citrix Workspace app for Windows multiple times in a short duration before the resource is successfully launched. [RFWIN-35268]

  • When an admin enables the Name enforced by admin property and then updates the store name, the updated name might not appear on the UI when you reopen the Citrix Workspace app. [RFWIN-32918]

  • You might notice that the echo cancellation might not be supported with Citrix Workspace app. [HDX-63363]

  • H265 444 on Intel might result in artifacts being visible in the session. [HDX-60061]

  • You might fail to add a custom portal store using the group policy editor when the storeAdditionAllowType is set to single in the Global App Config service. [RFWIN-35218]

  • When you switch from a desktop session to the endpoint native session of another user and then switch back to the desktop session, you might observe a gray screen. This issue occurs when using the desktop lock feature and when using multiple monitors. [CVADHELP-24582]

  • After you perform the Cylance Antivirus update, you might notice a Blue Screen of Death (BSOD) on users device. This issue occurs when the Citrix Workspace app is installed on the user device. [CVADHELP-24776]

  • You might notice that the shortcut keys that are used internally in your organization don’t work in the virtual session when using Citrix Workspace app 2311. These shortcut keys include any combination of Windows key + modifier keys such as (Ctrl/ Alt/ Shift) + L or U. For example: Windows key + Alt + L. [CVADHELP-25150]

  • Citrix HDX session might get in to an unresponsive state when the virtual channel for scanners is initiated. [CVADHELP-24681]

  • App Protection anti-keylogging bypass when using special keys. [CVADHELP-24452]

  • Installation of the Crestron app might fail, if you have installed DG Solutions and Citrix Workspace app for Windows with App Protection feature enabled. [CVADHELP-24476]

  • Microsoft Teams might fail to optimize due to time out issue. This issue occurs randomly and from Citrix Workspace app version 2210 or later. [CVADHELP-22867]

  • When you open Citrix Workspace app on an endpoint device, the store configuration might be incomplete and the apps might fail to enumerate intermittently. [CVADHELP-25179]

  • When Citrix Workspace app is running and configured with a store, you might notice a timeout issue with the third-party app due to flushing of DNS cache by Citrix Workspace app. [CVADHELP-24594]

  • When Citrix Workspace app uses Fast connect 3 credential insertion API for authentication, you might notice that the apps and desktops corresponding to the previous user are loaded. [CVADHELP-24011]

  • If you’re using multiple monitors and the Desktop Viewer is maximized across them, the VDA might receive an incorrect mouse position when you start dragging. This issue occurs on the Citrix Workspace app for Windows 2203 LTSR version and on the Citrix Workspace app for Windows version 2402. [CVADHELP-24688]

  • When you uninstall Citrix Workspace app for Windows as an admin and then install the Citrix Workspace app’s 2402 LTSR version in a user mode, you might fail to open a session. [CVADHELP-25341], [HDX-65644]

  • In a double-hop scenario, the ALT +TAB key might not work on macOS clients. [CVADHELP-23085]

  • If a full-screen HDX session is on focus, and the endpoint is locked using Ctrl+Alt+Del, users might be unable to type anything after unlocking. [CVADHELP-24512]

2403.1

What’s new

This release addresses issues that help to improve overall performance, security, and stability.

Fixed issues in 2403.1

  • When you are using a virtual desktop session, the keyboard shortcuts with Alt might not work as expected. For example, Ctrl + Alt + Break, which is used to access the menu options of Desktop Viewer toolbar and to toggle between the windowed and the full-screen modes. [RFWIN-31815]
  • If you have a RealTime Media Engine (RTME) older than 2.9.700 version installed on the end point device, you might fail to open published apps or desktops. This issue occurs on Citrix Workspace app for Windows 2403 and on Citrix Workspace app for Windows 2402 LTSR versions. [HDX-63684]

2403

What’s new

The following features are added in this release:

Sustainability initiative for cloud hybrid launch

Note:

This feature was previously available for native launches (cloud and on-premises) from the Citrix Workspace app 2309 version onwards.

From the Citrix Workspace app 2403 version, this feature is available for hybrid launches on cloud. After this feature is enabled, a prompt appears to sign out from the desktop session when a user closes a virtual desktop. This feature helps conserve energy if there are Windows OS policies that are used to shut down VMs when no users are logged in. You can also customize the text that appears on the Save energy screen. For more information, see Sustainability initiative for cloud hybrid launch.

Enhanced domain pass-through for single sign-on (Enhanced SSO)

Previously, Citrix Workspace app for Windows supported only SSON or domain pass-through authentication for single sign-on to Citrix Virtual Apps and Desktops environments using user credentials. This authentication enables the user to authenticate to the domain on their device and use their virtual apps and desktops without having to reauthenticate again.

With this release, Citrix Workspace app supports enhanced domain pass-through which is a new method of SSO. It uses Kerberos authentication instead of user credentials. Users can now sign in to Citrix Virtual Apps and Desktops and to StoreFront using integrated windows authentication. For more information, see Enhanced domain pass-through for single sign-on (Enhanced SSO).

Support for advanced NetScaler policies for Storebrowse on Windows

Citrix Workspace app for Windows now supports advanced policies on NetScaler Gateway with Storebrowse. The supported authentication protocol is LDAP authentication. Storebrowse is a command-line utility that interacts between the client and the server. It’s used to authenticate all the operations within StoreFront and with Citrix Gateway. For more information, see the Storebrowse page.

Note:

The nFactor authentication protocol isn’t supported with Storebrowse on Windows.

Install Microsoft Teams VDI plug-in for Citrix

You can now install the Microsoft Teams VDI plug-in during the installation of Citrix Workspace app using one of the following options.

Note:

For version compatibility with VDI and configuration details, see Microsoft Teams 2.1 supported for VDI/DaaS and New Microsoft Teams VDI requirements.

Hide Troubleshooting and Send Feedback options for end users

Admins can now hide the troubleshooting and send feedback options for their end users using the GPO editor. Once this setting is enabled, the Troubleshooting and Send Feedback options which were previously visible to the end users on the system tray is hidden. For more information, see Hide Troubleshooting and Send Feedback options for end users.

App Protection

Screen Capture Allow List

If Citrix Workspace app, virtual apps and desktops, or SaaS apps are enabled with the App Protection Anti-screen capture policy, then you can’t capture their screens using any screen-capturing tool.

However, starting from the Citrix Workspace app for Windows 2403 release, the Screen Capture Allow List feature enables you to add an app to the screen capture allow list. This feature enables you to use the allow listed app and capture the screen of the resource enabled with the App Protection Anti-screen capture policy. For more information, see Screen Capture Allow List.

Process exclusion list

When you launch any process or application on your device, App Protection DLLs are injected into each process if the App Protection is enabled. Sometimes, this might cause the process or application not to work due to compatibility issues with the DLL.

Starting from the Citrix Workspace app for Windows 2403 release, you can add any process to the Process exclusion list to avoid the injection of the App Protection DLL into that particular process and recover from any compatibility issues caused by the presence of App Protection DLLs. For more information, see Process exclusion list.

USB Filter Driver Exclusion List

Sometimes, when you’re using specialized external keyboards such as gaming keyboards with the Citrix Workspace app, the App Protection USB Filter Driver might cause compatibility issues and block you from using the keyboard.

Starting from the Citrix Workspace app for Windows 2403 release, the USB Filter Driver Exclusion List feature allows you to exclude any USB device that has compatibility issues with the Citrix Workspace app using the device Vendor ID and Product ID. For more information, see USB Filter Driver Exclusion List.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 120. This version upgrade helps to resolve security vulnerabilities.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 123.1.1.9, based on Chromium version 123. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Security indicator when visiting websites

Citrix Enterprise Browser now displays a security indicator on the address bar when users visit any websites. The indicator aims to inform users about the security aspects of the websites, such as whether it’s an internal site or if there are any potential security restrictions. The indicator provides more information when you click it. The indicator appears on the Enterprise browser by default, and it enhances the user experience.

Security indicator restrictions

Security indicator internal

Citrix Enterprise Browser introduces more settings in the Global App Configuration service

More settings have been added into the Global App Configuration service (GACS) for configuring Citrix Enterprise Browser.

  • Enable autofill address - Allows administrators to enable or disable the autofill suggestions for addresses.
  • Enable autofill credit card - Allows administrators to enable or disable the autofill suggestions for credit card information.
  • Auto launch protocols from origins - Allows administrators to specify a list of protocols that can launch an external app from the listed origins without prompting the user.
  • Enable command-line flag security warnings - Allows administrators to display or hide security warnings, which appear when potentially dangerous command-line flags try to launch the Enterprise Browser.
  • Manage default cookies setting - Allows administrators to manage cookies for a website.
  • Manage default pop-ups setting - Allows administrators to manage pop-ups from a website.
  • Extension install sources - Allows administrators to specify valid sources for users to install extensions, apps, and themes.
  • Disable lookalike warning pages - Allows administrators to specify the preferred domains where lookalike warning pages don’t display when the user visits pages on that domain.
  • Enable payment method query - Allows administrators to enable websites to check whether the users have saved payment methods.
  • Manage saving browser history - Allows administrators to manage the saving of Enterprise browser history.
  • Manage search suggestion - Allows administrators to enable or disable search suggestions in the Enterprise browser’s address bar.
  • Enable export bookmark - Allows administrators to enable an option to export the bookmarks in the Enterprise Browser.
  • Force ephemeral profiles - Allows administrators to clear or persist user profile data when users close the Enterprise Browser.

For more information, see the Manage Citrix Enterprise Browser through Global App Configuration service page in the Citrix Enterprise Browser documentation.

For more information on example JSON data, see Example JSON data.

Citrix Endpoint Analysis

With this release, the EPA Client is bundled with the Citrix Workspace app installer. To install the client, Citrix Workspace app must be installed with the command line option InstallEPAClient.

Example: ./CitrixworkspaceApp.exe InstallEPAClient

Note:

EPA isn’t installed by default.

In this release, the EPA version packaged is 23.11.1.20.

Deprecation of Citrix Workspace app support

Starting from the 2403 release, support for XenApp Services URLs (also known as PNAgent) for connecting to stores is deprecated. Use Citrix Workspace app to connect to stores using the store URL. For reference, see:

Technical Previews in 2403

  • Share system audio

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues in 2403

  • You might notice that there’s no automatic focus inside the virtual desktop that is opened in full-screen mode. You must click inside the session to regain focus. [RFWIN-32051]

  • On reconnecting published apps an extra instance of a published app gets opened. [CVADHELP-24485]

  • The Windows Surface touch pad and soft keyboard might not be supported on the Citrix Workspace app sign-in screen. This issue occurs when you sign in to a session that is published from Windows VDA in full-screen mode. [RFWIN-32050]

  • Two instances of a published application, for example app1, are observed after app1 is disconnected and another app is launched from the same VDA. [RFWIN-32517]

  • For the Windows 10 32bits x86 version, the Enable Background blur checkbox is removed as the background blur effect isn’t supported on this version. [HDX-60308]

  • You might notice visual artifacts when attempting to split the screen or adjust the primary monitor within the Monitor Layout tab on the Preferences screen. [HDX-59798]

  • Windows Media Player (WMP) shows a black screen with rave enabled on one monitor when the primary monitor isn’t the leftmost monitor (when multiple GPUs are involved). [HDX-60494]

  • When you share a screen and include the computer sound, if multiple audio output devices are playing sound, one or more receivers might notice sound artifacts. [HDX-48213]

  • BCR might play multiple audio streams at the same time instead of one active stream. [HDX-61600]

  • If you use external monitors and then switch to a single monitor (for example laptop), the size of Citrix Workspace app menu options, UI text, and dialog boxes might appear smaller than the normal display size. [HDX-47575]

  • If you’re using mono audio for stereo audio streams, you might hear only one audio channel in one earpiece instead of receiving both channels on both ears. [HDX-56344]

  • While uninstalling Citrix Workspace app 2403 for Windows - Preview version from the Control Panel > Programs > Programs and Features, the following pop-up appears:

Uninstall

The issue occurs intermittently on Windows 11 machines. Also, this issue doesn’t occur in any other uninstallation methods including uninstall from Start > Apps > Apps & Features. The uninstallation is completed successfully even though you get the preceding error message. [RFWIN-32669]

  • Screen sharing from chat in Microsoft Teams is not supported. [HDX-62146]

  • Citrix Workspace app installer stops responding during fresh installation if Unicode characters are specified in the command line during installation. [RFWIN-32987]

  • When you upgrade to Citrix Workspace app 2403 version, the InstallEmbeddedBrowser=N command is not executed if Citrix Enterprise Browser is already installed. [RFWIN-33169]

  • Citrix Workspace app startup process might run within published app sessions by default. If you want to run the startup process in a published app session, configure the registry key RunCWAInPublishedAppSession of type DWORD in HKLM/Software/Wow6432Node/Citrix/ICA Client. [CVADHELP-24070]

2311.1

What’s new

The following features are added in this release:

Note:

Starting with Citrix Workspace app for Windows version 2311.1, Internet Explorer-based browser content redirection is deprecated. The alternate option is to use Google Chrome-based browser content redirection.

Introducing new installer for Citrix Workspace app

The user interface of the Citrix Workspace app installer is revamped to give a modern, easy outlook, and a better user experience. By default, the new installer is enabled.

Prerequisites:

.Net Desktop Runtime 6.0.20 or later is an additional prerequisite for the new installer. For other requirements, see System requirements section.

The new installer is enabled by default. For more information, see User interface based installation.

Note:

Starting with Citrix Workspace app for Windows 2311.1 version, the TrolleyExpress is replaced with CWAInstaller-<date and timestamp>. For example, the log is recorded at C:\Program Files (x86)\Citrix\Logs\CTXWorkspaceInstallLogs-20231225-093441.

Support for Activity Manager on cloud stores

Citrix Workspace app for Windows supports the Activity Manager feature. This feature lets end users view and interact with all their active apps and desktop sessions in one place. To view active sessions in the Activity Manager, click the Activity Manager icon. You can perform the following actions on an app or desktop by clicking the respective ellipsis(…) button from the Activity Manager:

  • Log out: Logs out from the current session. All the apps in the session are closed, and any unsaved files are lost.
  • Disconnect: The remote session is disconnected but the apps and desktops are active in the background.
  • Restart: Shuts down your desktop and start it again.
  • Shutdown: Closes your disconnected desktops.
  • Force quit: Forcefully power off your desktop if there is a technical issue.
  • Click the X button to terminate the active app session from the Activity Manager.

For more information, see Activity manager.

Note:

This feature is available in Citrix Workspace app for Windows only if the new Workspace experience is enabled.

Automatic selection of video codec

With this release, Citrix Workspace app for Windows now automatically detects the best video codec to use. During installation of the Citrix Workspace app for Windows, the decoding capabilities of the endpoint are evaluated. Based on this information, Citrix Workspace app for Windows selects the best codec to use with the VDA when the session starts. The order in which the video codecs are evaluated is as follows:

  1. AV1
  2. H.265
  3. H.264

This feature is available when the Use video codec for compression policy is set to one of the following:

  • Use when preferred
  • For the entire screen
  • For actively changing regions

For more information on the Use video codec for compression policy, see Use video codec for compression.

The automatic selection only applies to YUV 4:2:0 variants of these codecs. YUV 4:2:0 uses less bandwidth compromising quality. If the Visual Quality policy setting is set to Build-to-Lossless or Always Lossless and if the Allow Visually Lossless policy is set to enabled, the automatic selection of the video codec is disabled and instead YUV 4:4:4 H.264 or H.265 is used.

For more information on these policies, see the following:

This feature is enabled by default.

For more information, see Automatic selection of video codec.

H.265

Citrix Workspace app supports the use of the H.265 video codec for hardware acceleration of remote graphics and videos. H.265 video codec must be supported and enabled on both the VDA and Citrix Workspace app.

Starting with Citrix Workspace app 2311.1, this feature is enabled automatically with the introduction of the Automatic selection of video codec feature.

For more information, see the H.265 documentation.

AV1

Citrix Workspace app supports the use of the AV1 video codec for hardware acceleration of remote graphics and videos. AV1 video codec must be supported and enabled on both the VDA and Citrix Workspace app.

Starting with Citrix Workspace app 2311.1, this feature is enabled automatically with the introduction of the Automatic selection of video codec feature.

For more information, see the AV1 documentation.

Loss tolerant mode for audio

With this release, Citrix Workspace app supports Loss tolerant mode (EDT lossy) for audio redirection. This feature improves the user experience for real-time streaming when users are connecting through networks with high latency and packet loss.

You need to use VDA version 2311 or later. By default, this feature is enabled on Citrix Workspace app for Windows. However, it is disabled on VDA.

For more information, see the Loss tolerant mode for audio documentation.

Synchronize multiple keyboards at session start

Previously, only the active keyboard on the client was synchronized with VDA after the session started in full-screen mode. In this scenario, if you configured Sync only once - when session launches on your Citrix Workspace app, and you had to change to a different keyboard, you have to manually install the keyboard on your remote desktop. Similarly, if you configured Allow dynamic sync on your Citrix Workspace app, you have to move to windowed mode, change the keyboard on your client, and then move back to full-screen mode.

With this release, all available keyboards on the client are synchronized with VDA after the session starts in full-screen mode. You can select the required keyboard from the list of installed or available keyboards on the client after the session starts in full-screen mode. The feature Synchronize multiple keyboards at session start is enabled by default on VDA, and disabled by default on the Citrix Workspace app.

For more information, see the Synchronize multiple keyboards at session start documentation.

Improved performance of BCR

Previously, BCR used client-side disk space cache and the cached information wasn’t deleted during an upgrade. This setting resulted in higher disk space usage over time and inconsistent behavior while a page is redirected using BCR.

With this release, to resolve this issue, BCR uses an in-memory cache. This enhancement helps to improve the performance of BCR.

This feature is disabled by default.

For more information, see Improved performance of BCR.

Version upgrade for Chromium Embedded Framework

The version of the Chromium Embedded Framework (CEF) is upgraded to 117. This version upgrade helps to resolve security vulnerabilities.

Important update on App Protection file and driver names

Starting with Citrix Workspace app for Windows 2311.1, the following file and driver names are updated as follows:

Existing name New name
EntryProtect.dll ctxapdotnet.dll
entryprotect.sys ctxapdriver.sys
epclient32.dll ctxapclient32.dll
epclient64.dll ctxapclient64.dll
epinject.sys ctxapinject.sys
epusbfilter.sys ctxapusbfilter.sys
entryprotectdrv ctxapdriver
epinject6 ctxapinject

These files are installed at %ProgramFiles(x86)%\Citrix\ICA Client by default.

If you’ve added any of the preceding file or driver names to the allow list in your environment, update the allow list.

Enhancement to background blurring and effects for Microsoft Teams optimization with HDX

Starting with Citrix Workspace app version 2311.1, you can select the following options for background blurring and effects:

  • No background effect
  • Select Background Blurring
  • Select Background Image

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 119.1.1.60, based on Chromium version 119. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Improved user experience

Previously, Citrix Enterprise Browser displayed a reconnection modal when you attempted to perform an action after your session expired. Starting with Citrix Workspace app for Windows version 2311.1 (which corresponds to the Chromium version 119.1.1.60), there is no longer a reconnection modal. Instead, a loading icon now appears on the browser tab when you attempt to perform any action after your session expires.

Improved watermark design

Citrix Enterprise Browser now has a new watermark design that is less intrusive and provides a better user experience.

Support for custom browser extension

Citrix Enterprise Browser has expanded its extension capabilities. Previously, only extensions from the Chrome Web Store were permitted. Citrix Enterprise Browser now allows you to add custom extensions securely. Administrators can configure custom extensions as part of the mandatory list. End users can access and use these extensions either using citrixbrowser://extensions or by clicking the Extensions option under the More button as needed. For more information on how to configure the custom extensions, see Mandatory custom extension.

Simplified SSO for Web and SaaS apps through the Global App Configuration service

Previously, single sign-on (SSO) was configured for Citrix Enterprise Browser using the PowerShell module. Now, this simplified SSO feature allows you to configure SSO in Citrix Enterprise Browser by using a newly introduced setting in the Global App Configuration service (GACS). Administrators can use this new setting to enable SSO for all web and SaaS apps in Citrix Enterprise Browser. This method eliminates the need for the complex PowerShell module. For more information on how to manage SSO through GACS, see Manage single sign‑on for Web and SaaS apps through the Global App Configuration service.

Note:

We recommend you to restart Citrix Workspace app when you modify the Citrix Enterprise Browser settings in GACS. However, you can also wait for the automatic refresh to complete. For more information on the sync duration of policies fetched from GACS, refer Frequency of settings update.

Extending simplified single sign-on functionality to StoreFront

The single sign-on (SSO) feature is now available for StoreFront, which assures a unified SSO experience. This new capability eliminates the need for users to authenticate separately when accessing apps through StoreFront. To facilitate this SSO feature, use the same Identity Provider (IdP) for both Web and SaaS apps, and for StoreFront. For more information on how to manage SSO through GACS, see Manage single sign‑on for Web and SaaS apps through the Global App Configuration service.

Manage pass-through authentication in Citrix Enterprise Browser

Pass-through authentication (PTA) is a feature of Azure AD Connect. PTA is an authentication method where the user credentials are passed from the client machine to the server. You never see it as it happens on the back end. In this method, the client machine directly communicates with the authentication server to validate the user’s credentials. PTA is typically used when your client machine and the authentication server trust each other, and your client machine is considered to be secure. For more information on Microsoft Azure AD pass-through authentication, see Microsoft Entra ID seamless single sign-on.

To facilitate pass-through authentication, you need the Windows Accounts extension to interact with applications that require Azure AD based access within the Enterprise Browser. Administrator need to configure this Windows Accounts extension as part of the mandatory list under ExtensionInstallForcelist. For more information on the configuration of mandatory extensions, see Mandatory extension.

Enhanced capabilities on monitoring end user activities

Previously, administrators were unable to monitor end user activities such as App accessed and Traffic type. Starting with Citrix Workspace app for Windows 2311.1 (corresponding to Chromium version 119.1.1.60), you can now monitor these details as well.

  • App accessed: Enterprise Browser provides information about all the apps accessed by the end user, provided the app is listed in the policy document.
  • Traffic type: Enterprise Browser provides information about whether data is sent directly or through Secure Private Access authentication.

To monitor the end user activities from the Enterprise Browser, use the Citrix Analytics service using your Citrix Cloud account. After signing in to Citrix Cloud, navigate to Analytics > Security > Search. There, you can refer to Apps and Desktops under the Self-Service Search section. For more information on Citrix Analytics, see Getting started.

Technical Previews in 2311.1

  • Support for TLS protocol version 1.3

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues in 2311.1

  • For a fresh install, the option to enable SSON is not available on the Installer UI. For more information, see User interface-based installation. [RFWIN-32482]

  • Launch of a second seamless app fails if SSL is enabled and session reliability is turned off. If a seamless app is launched, the subsequent launch of another seamless app to the same server must be launched in the existing session (session sharing), while the client tends to launch the app in a new session causing an unexpected validate request to be sent to the broker. [CVADHELP-24549]

Session/Connection

  • If connection lease was enabled for a cloud store, Citrix Workspace app for Windows started sessions successfully even after the session limit is exceeded. [CVADHELP-23771]
  • You might fail to add a store when the top-level-domain (TLD) of the store URL is fewer than two characters or when there is no TLD. [CVADHELP-23973]

  • When you use smartcard authentication, adding a store might fail with the following error message:

    “This store doesn’t exist. Please retry or contact support.”

    This issue occurs with Citrix Workspace app for Windows 2309 and later versions. [CVADHELP-24127]

  • You might fail to add a cloud store that uses Azure AD authentication and you might get the following error message:

    “Unable to connect to the server”

    This issue occurs with Citrix Workspace app versions 2309 and 2309.1. [CVADHELP-24187]

  • Citrix Workspace app with SAML2 and FAS authentication might fail to sign in automatically on session unlock even when the WSCReconnectMode for Workspace control is set to reconnect on Windows sign‑on and when the Silent authentication to Citrix Workspace policy is enabled. [CVADHELP-23018]
  • Bloomberg Keyboard 5 Biometric Module might fail to connect automatically even when automatic redirection of client USB devices is on. [CVADHELP-22673]
  • Citrix Workspace might fail to enumerate the published resources for a brief amount of time when connecting to a Global server load balancing (GSLB) URL. This issue occurs when the established StoreFront server encounters any issues that cause a GSLB controlled Virtual IP (VIP) address change in the endpoint. [CVADHELP-22467]

User experience

  • Attempts to refresh might fail on custom domain stores. [CVADHELP-23733]
  • When you change the store configuration using the Group Policy Object Template or using the command-line, you might notice a white screen. [CVADHELP-23801]
  • When multiple accounts are configured through GPO and you activate any disabled account, Citrix Workspace app always switches to all accounts view instead of the selected single account. [CVADHELP-24018]
  • The arrow keys, function keys, and number keys on Numpad don’t work on the Corsair K70 Keyboard when Citrix Workspace app for Windows version 2309 is installed by selecting the Start App Protection after installation checkbox. [CVADHELP-23450]

  • In high latency environments, a jittery movement might be observed in the mouse cursor on Citrix Workspace app when the Use relative mouse setting is enabled.

    To enable the fix, modify the default.ica file in StoreFront at C:\inetpub\wwwroot\Citrix\Store\App_Data\default.ica.

    Add RelMouseSyncTimeout=xxx(min 10 to max 1000) to the [WFClient] section.

    Or

    Set the following registry key on the endpoint:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient

    Name: RelMouseSyncTimeout

    Type: STRING

    Value: The minimum value is 10 and the maximum value is 1000

    [CVADHELP-21829]

  • You might notice that the app opens even after closing Citrix Workspace app when you highlight an app using the tab, then close Citrix Workspace app, and then press Enter. [CVADHELP-22700]
  • In certain scenarios, when Citrix Workspace app fails to start apps or desktops, you might get two error messages, where one message appears in a dialog box and the other is a toast notification. [RFWIN-31561]
  • When you sign in as an administrator after the desktop lock feature is enabled, you might be signed off from Citrix Workspace app if you click OK in the following pop-up message: “Administrator sign-in is detected. An elevated action is required to restore the shell for normal access.” [RFWIN-31949]
  • After visiting a browser content redirected site, if you sign out from the user session, an error message might appear. [HDX-54552]
  • Webcams in double-hop sessions don’t work as expected. This issue occurs when you use Citrix Workspace app for Windows to open virtual desktops or apps from within a virtual desktop session. [HDX-47317]
  • You might notice visual artifacts on playing a video in a published application. The issue occurs when the system where Citrix Workspace app is installed has a GPU that doesn’t support hardware decoding. [HDX-57621]
  • After installing Citrix Workspace app for the 2311.1 release, you might fail to open the product documentation link on the Installation successful screen using Citrix Enterprise Browser. This issue occurs because Citrix Enterprise Browser supports after you signed on to Citrix Workspace app. [CTXBR-6386]

User interface

  • The WebView status bar might appear at the bottom of Citrix Workspace app when you hover the mouse over any published app or desktop icon. [CVADHELP-22108]
  • The name of the audio devices is truncated to 32 characters while passing from Citrix Workspace app to VDA. As a result, the device might not be recognized in the client session by some apps. [HDX-53084]

2309.1

What’s new

This release addresses issues that help to improve overall performance and stability.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 117.1.1.13, based on Chromium version 117. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Fixed issues

  • You might fail to start sessions if the ICA file or the folder where the ICA file is downloaded is named with Unicode or non-English characters. This issue occurs only when you access and authenticate a store using a browser and then start any app or desktop using native Citrix Workspace app. [HDX-55649]

  • You might get errors with the following parameters, while installing the Citrix Workspace app for Windows version 2009 using the command line:

    • STORE0 parameter - An error message appears when a space character is included in the store name mentioning to use the correct format for the store.
    • STARTMENUDIR and DESKTOPDIR - Ignores the name after space and creates the directory with the name before the space.

    [RFWIN-31704]

  • If .NET Runtime 6.0.20 or later version is installed on the system and .NET Desktop Runtime 6.0.20 or later version isn’t installed, you get an error message during Citrix Workspace app installation. [RFWIN-31817]
  • The anti-screen capture feature doesn’t function as intended on Citrix Enterprise Browser version 117.1.1.9, when running on Windows 11. [CTXBR-6181]
  • You might notice visual artifacts on playing a video in a published application. The issue occurs when the system where Citrix Workspace app is installed has a GPU that doesn’t support hardware decoding. [HDX-57621]

2309

What’s new

Note:

From this release onwards, ensure that the Microsoft Edge WebView2 Runtime version is 117 or later. We recommend you to install the latest version to get newer functionalities and security-related fixes.

The following features are added in this release:

Additional .NET prerequisites

In addition to .NET Framework 4.8, Citrix Workspace app requires the x86 version of.NET Desktop Runtime 6.0 for both x86 and x64 systems with admin privileges. For more information, see .NET requirements.

Improved virtual apps and desktops launch experience

Note:

From Citrix Workspace app version 2305.1 and later, this feature is generally available for cloud stores and from 2309 for on-premises stores.

Previously, the launch progress dialog box wasn’t intuitive to the users. It made the users assume that the launch process isn’t responding and they closed the dialog box, as the notification messages were static.

The improved app and desktop launch experience is more informative, modern, and provides a user-friendly experience on Citrix Workspace app for Windows. This feature helps to keep the users engaged with timely and relevant information about the launch status.

For more information, see Improved virtual apps and desktops launch experience.

Addition of the Troubleshooting option in the system tray of Citrix Workspace app

The Troubleshooting option is introduced to improve the user experience and to easily proceed with the troubleshooting. You can right-click on the Citrix Workspace app icon in the system tray that is placed in the bottom-right corner of your screen and then select Troubleshooting to access it.

The options available under Troubleshooting are:

  • Send Feedback
  • Collect Logs
  • Check Configuration
  • Reset App Data
  • Help
Send feedback on Citrix Workspace app

The Send feedback option allows you to inform Citrix about any issues that you might run into while using Citrix Workspace app. You can also send suggestions to help us improve your Citrix Workspace app experience.

For more information, see Addition of the Troubleshooting option in the system tray of Citrix Workspace app.

Sustainability initiative from Citrix Workspace app

When this feature is enabled, a prompt appears to sign out from the desktop session when a user closes a virtual desktop. This feature might help conserve energy if there are Windows OS policies that are used to shut down VMs when no users are logged in.

For more information, see Sustainability initiative from Citrix Workspace app.

Commands to configure keyboard layout synchronization using command-line interface

Previously, you could configure keyboard layout synchronization using the GUI or by updating the configuration file only. With this release, the new commands are introduced to configure keyboard layout synchronization using the command-line-interface.

For more information, see Configure keyboard layout synchronization using command-line interface.

Command to clean up and install Citrix Workspace app

Use the /CleanInstall command to clean up any leftover traces such as files and registry values from a previous uninstall and then freshly install the new version of the Citrix Workspace app.

For example:

CitrixWorkspaceApp.exe /CleanInstall
<!--NeedCopy-->

Optimized Microsoft Teams updates

Upcoming Microsoft Teams Single-Window EOL

On January 31, 2024, Microsoft will retire the Microsoft Teams support for Single-window UI when using VDI Microsoft Teams optimization and support only the Multi-Window experience. You must use a version of Citrix Virtual Apps and Desktops and Citrix Workspace app that support the Multi-Window feature to continue using certain optimized Microsoft Teams functionalities. For more information, see Upcoming Microsoft Teams Single-Window EOL.

Deprecation announcement of the SDP format (Plan B) from WebRTC

Citrix is planning to deprecate the current SDP format (Plan B) support from WebRTC in future releases. You must use a version of Citrix Workspace app that supports the Unified Plan to continue using certain optimized Microsoft Teams functionalities. For more information, see Deprecation announcement of the SDP format (Plan B) from WebRTC.

App Protection

Important update on file names

In a future release for Citrix Workspace app for Windows, the following file names are updated as follows:

Existing file name New file name
EntryProtect.dll ctxapdotnet.dll
entryprotect.sys ctxapdriver.sys
epclient32.dll ctxapclient32.dll
epclient64.dll ctxapclient64.dll
epinject.sys ctxapinject.sys
epusbfilter.sys ctxapusbfilter.sys
entryprotectdrv ctxapdriver
epinject6 ctxapinject

These files are installed at %ProgramFiles(x86)%\Citrix\ICA Client by default.

If you’ve added any of the preceding file names to the allow list in your environment, update the allow list.

Policy tampering detection

Policy tampering detection feature prevents the user from accessing the Virtual App or Desktop session if the App Protection anti-screen capture and anti-keylogging policies are tampered. If policy tampering is detected, the virtual app or desktop session will be terminated displaying the following error message:

Policy tampering error

Note:

This feature will be available only after the release of the upcoming version of Citrix Virtual Apps and Desktops.

For more information about the policy tampering detection feature, see Policy tampering detection.

Full desktop sharing capability from the VDA with Citrix Workspace app

Previously when App Protection is enabled, desktop sharing is disabled for Optimized Microsoft Teams as App Protection doesn’t allow you to capture the screen.

From Citrix Workspace app for Windows 2309 version and later, desktop sharing is enabled for Optimized Microsoft Teams even if App Protection is enabled.

For more information, see Compatibility with HDX optimization for Microsoft Teams.

App Protection with DoubleHop scenario

App Protection features aren’t supported in a double hop scenario. Double hop means a Citrix Virtual Apps or Virtual Desktops session running within a Citrix Virtual Desktops session. You were allowed to launch virtual apps and desktops enabled with App Protection policies in a double hop scenario. However, the App Protection features weren’t applied.

Now, a Windows Group Policy is introduced which allows you to block opening virtual apps and desktops enabled with App Protection policies in a double hop scenario. For more information about enabling the Block DoubleHop Launch setting, see Enable Block DoubleHop Launch setting.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 117.1.1.9, based on Chromium version 117. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Authentication through Citrix Enterprise Browser

Previously, if the authentication token for Citrix Workspace app expired, you weren’t able to use the Enterprise Browser. You had to switch to Citrix Workspace app and reauthenticate to continue using the Enterprise Browser.

Starting with the Citrix Workspace app for Windows 2309 version (which corresponds to the Chromium version 117.1.1.9), you can authenticate within the Enterprise Browser itself only when the store remains the same. It ensures authentication to Citrix Workspace app as well. In addition, this feature provides a seamless login experience.

Note:

  • This feature applies to Workspace stores.

Authentication using Citrix Enterprise Browser

Technical Preview

  • Introducing new installer for Citrix Workspace app
  • Support for EDT Lossy protocol
  • Enhanced domain pass-through for single sign-on

For the complete list of Technical Preview features, see the Features in Technical Preview page.

Fixed issues

Session/Connection

  • The SelfService executable might run even though no account is added in the Citrix Workspace app. [CVADHELP-23124]

  • Attempts to start a published application through Citrix Workspace app on an endpoint with more than eight monitors might fail with the following error message:

    This version of Workspace doesn’t support the selected encryption. Please contact your administrator.

    [CVADHELP-20555]

  • When connecting through Citrix Gateway, if there’s high latency, sessions might fail to connect using EDT and fallback to TCP. If HDX Adaptive Transport policy is set to Diagnostic mode, the sessions might fail to start. [HDX-49878]

  • When using Host to Client URL Redirection a specific URL might fail to open on the client as expected and might open on the VDA. This issue occurs because the Host to Client Content Redirection feature includes a ping check to ensure that the client can actually reach the URL being redirected. If the ping checks fail, it rejects the URL redirection request and the URL opens on the VDA. With the fix, you can prevent ping check in host to client redirection. To prevent ping check-in host to client redirection, set the following registry key.

    HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/Citrix/ICA Client/SFTA Name: OverridePingCheck Type: REG_DWORD Value: 1

    [CVADHELP-22824]

  • The session might disconnect if you click the Desktop Viewer and resize a published desktop continuously. [CVADHELP-22063]
  • After Citrix Workspace app installation completes, when you configure a store using GPO or command line, you might get a fatal error prompt. [CVADHELP-23345]
  • Attempts to reconnect to certain non-English language desktop versions using Auto Client Reconnect might fail with an error message. [CVADHELP-22507]
  • When the self-service mode is set to False and the desktop lock feature is enabled, you might fail to add a store and might fail to start a desktop. [CVADHELP-23052]
  • When the Global App Config server isn’t reachable, the account addition might be timed out and you might fail to add an account. [CVADHELP-22999]
  • You might fail to start apps or desktops session using the API from ICO SDK after upgrading to Citrix Workspace app version 2112 or later. [CVADHELP-22940]
  • You might fail to start apps or desktops from Citrix Workspace when the cloud store is integrated with StoreFront. [CVADHELP-23606]

User experience

  • Attempts to copy and paste .msg files from local Microsoft Outlook to a published explorer might fail. [CVADHELP-22542]
  • When you sign out from Citrix Workspace app, you might not be signed out from the store. This issue occurs if you have set the disableiconhide registry value to ‘true’. [CVADHELP-22916]
  • When you try to open Citrix Workspace app, SelfService UI might be closed unexpectedly and you might fail to open Citrix Workspace app. This issue occurs only when some files are missing in the install location. [CVADHELP-22683]
  • When you open a desktop, the Desktop Viewer name might appear garbled. [CVADHELP-22925]
  • When you connect to a desktop using Cache Redirection mode, if ADC High Availability fails, you might not be able to reconnect to a desktop using Cache Redirection mode. [CVADHELP-22881]
  • After you upgrade from Citrix Workspace app version 2305–2307, you might fail to create desktop shortcuts. [CVADHELP-23429], [CVADHELP-15550]
  • When accessing a webserver using Integrated Windows authentication, the website content might not render on the client and might fall back to the server side. This issue occurs when the BCR proxy configuration is set to DIRECT mode. [HDX-51739]
  • When you sign out from the Citrix Workspace app and sign in again, Citrix Workspace app starts without entering the sign-in credentials. This issue occurs only when you sign in to Citrix Workspace app using custom domain. [RFWIN-31415]

System exceptions

  • The wfica32.exe process might exit unexpectedly during a user session. [CVADHELP-22249], [CVADHELP-22234]
  • Citrix Workspace app for Windows 2212 version might fail to follow the conditions set in the proxy PAC file. [CVADHELP-22503]

App Protection

  • When you are using the Corsair K70 Keyboard with Citrix Workspace app versions 2212 or later, then incorrect keystrokes might be sent to Anti-Keylogging enabled windows. [CVADHELP-23157]

2307.1

What’s new

This release addresses issues that help to improve overall performance and stability.

Fixed issues

  • In Microsoft Teams, while you share a screen or app and resize it, the aspect ratios displayed might not be correct on the recipient’s (other meeting participants) side. This issue also occurs when you share screen or apps that are ordered using the Snap Windows feature option. [HDX-54395]

2307

What’s new

Added support for playing short tones in optimized Microsoft Teams

Earlier, with the secondary ringtone feature enabled, short tones such as beeps or notifications were playing repeatedly. For example, the tone that was played when a guest joins the Microsoft Teams meeting was repeated. The only workaround was to quit and restart Microsoft Teams. This issue resulted in a poor end-user experience.

With this release, Citrix Workspace app supports playing the short tones as desired. This support also enables the secondary ringtone feature.

Prerequisites:

Update to the latest version of Microsoft Teams.

Note:

The preceding feature is available only after the roll-out of a corresponding update from Microsoft Teams. Check the documentation update and the announcement in CTX253754.

Citrix Enterprise Browser

This release includes Citrix Enterprise Browser version 112.1.1.24, based on Chromium version 112. For more information about the Citrix Enterprise Browser, see the Citrix Enterprise Browser documentation.

Citrix Enterprise Browser shortcut

Starting with the Citrix Workspace app for Windows 2307 version, an administrator can configure and control the presence of the Citrix Enterprise Browser shortcut on the Start menu.

Note:

By default, this setting is enabled for Workspace stores.

Configuration

An IT administrator can configure the presence of the Citrix Enterprise Browser shortcut in one of the following ways:

  • Group Policy Object (GPO)
  • Global App Configuration Service (GACS)
  • web.config.file.

Notes:

  • All the configuration methods have equal priority. Enabling any one of them enables the shortcut.
  • If you haven’t configured the shortcut but have one or more Workspace stores, the shortcut gets automatically enabled.
  • For end users, the Citrix Enterprise Browser shortcut appears if the user makes it as a favorite app irrespective of the configuration.

  • To disable this feature for Workspace stores, administrators must apply the following settings in any one of the following:

    • set the CEBShortcutEnabled attribute to false in the web.config file.
    • disable the Enable Citrix Enterprise Browser shortcut property in GPO and GACS.
Using Group Policy Object

Administrators can use the Enable Citrix Enterprise Browser shortcut property to control the display of the Citrix Enterprise Browser shortcut on the Start menu.

Note:

Configuration through GPO is applicable on Workspace and StoreFront.

To enable the Citrix Enterprise Browser shortcut, do the following:

  1. Open the Citrix Workspace app Group Policy Object administrative template by running gpedit.msc.
  2. Under the Computer Configuration node, go to Administrative Templates > Citrix Components > Citrix Workspace > Citrix Enterprise Browser.
  3. Select the Enable Citrix Enterprise Browser shortcut option.

Enable Citrix Enterprise Browser shortcut

For more information on how to use the GPO, see the Group Policy Object administrative template page.

Global App Configuration service (GACS)

Navigate to Workspace Configuration > App Configuration > Citrix Enterprise Browser and enable Enable Citrix Enterprise Browser shortcut.

For more information on how to use the GACS UI, see the User interface article in the Citrix Enterprise Browser documentation.

Note:

This way of configuration is applicable on Workspace and StoreFront.

web.config file:

Enable the attribute CEBShortcutEnabled under the properties.

<properties>  

            <property name="CEBShortcutEnabled" value="True" />

</properties>
<!--NeedCopy-->

Note:

Configuration through web.config is applicable on StoreFront.

Using web.config:

To enable the Citrix Enterprise Browser shortcut, do the following:

  1. Use a text editor to open the web.config file, which is typically at C:\inetpub\wwwroot\Citrix\Roaming directory.

  2. Locate the user account element in the file (Store is the account name of your deployment) For example: <account id=... name="Store">

  3. Before the </account> tag, navigate to the properties of that user account and add the following:

    <properties>

        <property name="CEBShortcutEnabled" value="True" />

</properties>
<!--NeedCopy-->

Following is an example of the web.config file:

<account>

      <clear />

          <account id="d1197d2c-ac82-4f13-9346-2ee14d4b0202" name="F84Store"

          description="" published="true" updaterType="Citrix" remoteAccessType="None">
         <annotatedServices>
     <clear />
     <annotatedServiceRecord serviceRef="1__Citrix_F84Store">
            <metadata>  
                   <plugins>  
                        <clear />
                    </plugins>
             <trustSettings>
                        <clear />
              </trustSettings>
              <properties>
                        <property name="CEBShortcutEnabled" value="True" />
               </properties>
            </metadata>
       </annotatedServiceRecord>
</annotatedServices>
<metadata>
          <plugins>
                  <clear />
          </plugins>
         <trustSettings>
                     <clear />
         </trustSettings>
         <properties>
                <clear />
         </properties>
      </metadata>
</account>

<!--NeedCopy-->

Fixed issues

  • On Citrix Workspace app for Windows version 2212 and later, the first launch of the anti-screen capture enabled virtual desktop in a custom web store is not protected in the following case: If you haven’t selected the Start App Protection after installation checkbox, and launch the virtual desktop. The desktop is protected from the subsequent launches. [CVADHELP-23189]
  • Citrix Workspace app sessions might get disconnected due to a possible failure in wfica32.exe. This issue occurs rarely and you might get an error message with event ID 1000. [CVADHELP-23341]
  • When you access Linux VDA from the Citrix Workspace app for Windows version 2303 or later, the Wfica32.exe might fail. This issue occurs when the session is left opened for a long time. [CVADHELP-23037]
  • If you use the Citrix Workspace app version 2305.1 or earlier to personalize the app as per your organization, the brand personalization might not be reflected. This issue occurs due to a certificate update in Citrix Workspace app done recently. [RFWIN-30798]

Known issues

Known issues in 2409

  • In some instances, when using Citrix Workspace app version 2409 with RealTime Media Engine (RTME) version 2.9.700, the VDA launch from StoreFront might not be successful. This issue occurs if the updater service is unable to remove the vcruntime140.dll and msvcp140.dll binaries. To resolve the issue, reboot the endpoint or manually remove or rename the vcruntime140.dll and msvcp140.dll binaries. [RFWIN-36992]
  • The Desktop Viewer menu might occasionally appear on a different screen than the one currently in use. This behavior can occur randomly when interacting with the viewer menu bar to expand or minimize it. As a workaround, drag the Desktop Viewer to the monitor where the desktop is located. [HDX-73186]
  • You might notice that the Connection Details icon text is truncated. As a workaround, hover over the icon. [HDX-73562]

  • If files matching the following patterns are present in the Citrix Workspace app for Windows installation location, they might impact the functionality of the Citrix Workspace app and must be deleted:

    • msvcp140.dll
    • vcruntime140.dll
    • api-ms-win-core*.dll
    • api-ms-win-crt*.dll
    • ucrtbase.dll

    These files are typically created by RTME or Cisco VDI plugin and deleted as follows:

    • For admin mode installations, Citrix Workspace app deletes these files automatically.
    • For user mode installations, these files are cleaned up automatically during Citrix Workspace app install, upgrade, auto-update, or uninstall. However, if these files are created by any plugin after Citrix Workspace app installation, they need to be deleted manually. [RFWIN-36920]
  • When the device sharing system audio is removed while sound is being played, and the audio switches to a device with a different audio format, the system audio is not heard by the other user. As a workaround, reshare the audio. [HDX-70936]
  • The UpdaterService.exe might initiate during the installation process when the required .NET files are missing from the system. Therefore, this issue might cause the installation of Citrix Workspace app to become stuck, as the UpdaterService.exe fails to proceed. As a workaround, install .NET Desktop Runtime 8.0 or later and then retry the installation [RFWIN-36230]

Known issues in 2405.10

  • When Browser Content Redirection (BCR) is enabled, the drop-down menus might fail to render in the browser when the Citrix desktop session is in full-screen mode. As a workaround, use the Citrix desktop session in Windowed mode. [CVADHELP-18385]

Known issues in 2405

  • When Citrix Workspace app uses Fast Connect 3 Credential Insertion API for authentication, you might notice that the CtxCredApi.dll, which is used to inject credentials in SSON server, is present only for x64 systems. As a result, you might not be able to use the CtxCredApi.dll when running on x86 apps. As a workaround, use x64 apps to access the CtxCredApi.dll. [RFWIN-35818]

  • You might fail to customize Citrix Workspace app using App Personalization service. This issue occurs in Citrix Workspace app version 2405 or later. [RFWIN-36015]

  • You might notice that the error messages for the failed sessions in Citrix Workspace app are not displayed correctly. The following text artifacts are observed:

    • Instead of the reason for error %s is displayed
    • Error number is displayed twice

    You can see the additional details on the error message by searching the transaction ID in Citrix Director (for on-premises sites) or in Citrix Monitor (for cloud sites) console to troubleshoot the issue. [HDX-67197]

  • When a new user starts the virtual desktop for the first time, the session window appears small. Also, the window is placed in the upper left of the screen. The issue is observed on certain display devices with high DPI, such as the Microsoft Surface Pro. As a workaround, resize the window manually. The preferred dimensions are retained, and subsequent starts of the same desktop display correctly. [HDX-62297]

Known issue in 2403.1

  • In a double-hop scenario, the ALT +TAB key might not work on macOS clients. [CVADHELP-23085]
  • If a full screen HDX session is on focus, and endpoint is locked using Ctrl+Alt+Del, users might be unable to type anything after unlocking. [CVADHELP-24512]
  • H265 444 on Intel might result in artifacts being visible in the session. As a workaround, resize the session or toggle full-screen mode. [HDX-60061]

Known issues in 2403

  • If you have a RealTime Media Engine (RTME) older than 2.9.700 version installed on the end point device, you might fail to open published apps or desktops. This issue occurs on Citrix Workspace app for Windows 2403 and on Citrix Workspace app for Windows 2402 LTSR versions. As a workaround, you can do one of the following:

    • If you use Skype for Business with the RTME plug-in, upgrade RTME to 2.9.700 version or later.
    • If you do not use Skype for Business, uninstall HDX Real time pack using the uninstall wizard (add or remove programs) on Windows.
    • If you are using Citrix Workspace app for Windows version 2403, upgrade to the 2403.1 version.

    For more information, see Knowledge Center article CTX666291. [HDX-63684]

  • If the end user machine has multiple versions of .Net installed, and .Net is upgraded for the version which is not in use by the Citrix Workspace app, the app restarts. [RFWIN-32377]

  • When you’re using a virtual desktop session, the Ctrl+Alt+Break keyboard shortcut doesn’t work as expected. This keyboard shortcut is used to access the menu options of the Desktop Viewer toolbar and to toggle between the windowed and the full-screen modes. [RFWIN-31815]

  • BCR MSI standalone is currently not supported with non-admin install. [HDX-62636]

  • When a new user starts the virtual desktop for the first time, the session window appears small. Also, the window is placed in the upper left of the screen.

    The issue is observed on certain display devices with high DPI, such as Microsoft Surface Pro.

    As a workaround, resize the window manually. The preferred dimensions are retained, and when you start the same desktop, it displays correctly. [HDX-62297]

Known issues in 2311.1

  • When the name of the audio device is more than 200 characters, the device might fail to redirect to the virtual session. [HDX-58341]
  • The Windows Surface touchpad and soft keyboard might not be supported on the Citrix Workspace app sign in screen. This issue occurs when you sign in to a session that is published from Windows VDA in full-screen mode. As as a workaround, open the session in window mode and then sign in to the Citrix Workspace app. [RFWIN-32050]
  • Attempts to exit Citrix Workspace app might fail if you have any apps or desktops sessions that are still open. The workaround is to disconnect from all open desktops and apps using the Desktop Viewer toolbar or the connection center before exiting Citrix Workspace app. [HDX-59129]
  • You might notice that there is no automatic focus inside the virtual desktop that is opened in full-screen mode. You must click inside the session to regain focus. [RFWIN-32051]
  • You might notice visual artifacts when attempting to split the screen or adjust the primary monitor within the Monitor Layout tab on the Preferences screen. [HDX-59798]

  • Sometimes, USB composite devices might not be split automatically even though a correct device redirection rule is set to split the device. This issue occurs because the device is in low power mode. In these instances, the child device that enters low power mode might not be present in the device list. You can use the following workarounds to overcome this issue:

    • Disconnect the session, insert the USB device, and reconnect to the session. Or,

    • Unplug the USB device and plug it back in. This action results in the device moving out of low power mode. [HDX-34143]

Known issues in 2309

  • You might fail to start sessions if the ICA file or the folder where the ICA file is downloaded is named with Unicode or non-English characters. This issue occurs only when you access and authenticate a store using a browser and then start any app or desktop using native Citrix Workspace app. To mitigate this issue, we recommend that you continue on the Citrix Workspace app for Windows for 2307.1 version until a new version is released. [HDX-55649]
  • You might not be able to the sign in to Citrix Workspace app using single sign-on or might not see the authentication prompt in cloud stores. This issue occurs when the account is configured through the GPO or command line for the first time and when the self-service mode is set to false and the Silent authentication to Citrix Workspace policy is enabled. [CVADHELP-22641]
  • A jittery movement might be observed in the mouse cursor on Citrix Workspace app when the Use relative mouse setting is enabled. [CVADHELP-21829]
  • In certain scenarios, when Citrix Workspace app fails to start apps or desktops, you might get two error messages, where one message appears in a dialog box and the other is a toast notification. [RFWIN-31561]

  • Installation of Citrix Workspace app for Windows version 2309 using the command line might fail if you’ve included a space character in the store name for the STORE0 parameter. As a workaround, use the store name without spaces while installation as shown in the following example:

     CitrixWorkspaceApp.exe STORE0="AppStore;https://sales.example.com/Citrix/Store/discovery;on;HR AppStore" 
 <!--NeedCopy-->

    [RFWIN-31704]

Known issues in 2305.1

  • You might be prompted to enter proxy credentials each time when you start Citrix Workspace app. [RFWIN-26399]
  • When you switch from external monitors to a single monitor (for example laptop), the size of Citrix Workspace app menu options, UI text, and dialog boxes might appear smaller than the normal display size. [HDX-47575]
  • You might notice a gray screen for a few seconds before the sessions are opened successfully. This issue occurs for cloud stores. It also occurs for on-premises stores when the improved virtual apps desktops launch experience for StoreFront feature, which is in technical preview, is enabled. [RFWIN-30327]
  • When connecting through Citrix Gateway, if there is high latency, sessions might fail to connect using EDT and fallback to TCP. If HDX Adaptive Transport policy is set to Diagnostic mode, the sessions might fail to start. [HDX-49878]

Legacy documentation

For product releases that have reached End of Life (EOL), see Legacy documentation.

Third-party notices

Citrix Workspace app for Windows might include third-party software licensed under the terms defined in the following document:

Citrix Workspace app for Windows Third-Party Notices (PDF download)

About this release
January 21, 2025
Contributed by: 
S M V
January 21, 2025
Contributed by: 
S M V

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.