The Auto Client Reconnect feature allows plugins for Windows, Java, and Windows CE to detect broken connections and automatically reconnect users to disconnected sessions. When a plugin detects an involuntary disconnection of a session, it attempts to reconnect the user to the session until there is a successful reconnection or the user cancels the reconnection attempts.
When a connection breaks, it may leave the server session in an active state.
Users can reconnect only to sessions that are in a disconnected, or inactive, state.
Cookies containing keys to user credentials and session IDs are created on the client device when sessions are started. Because users can be reconnected only to disconnected sessions, Auto Client Reconnect uses the cookie on the client device to disconnect an active session before attempting to reconnect.
By default, Auto Client Reconnect is enabled at the server farm level and user reauthentication is not required. You can customize the settings for this feature at the farm level and for individual servers. To do this, select ICA on the
corresponding farm or server Properties page in the Access Management Console and modify the Auto Client Reconnect settings as appropriate.
Security in Auto Client Reconnect. Auto Client Reconnect incorporates an authentication mechanism based on encrypted user credentials. When a user initially logs on to a server farm, XenApp encrypts and stores the user credentials in memory, and creates and sends a cookie containing the encryption key to the plugin. The plugin submits the key to the server for reconnection. The server decrypts the credentials and submits them to Windows logon for authentication.
When cookies expire, users must reauthenticate to reconnect to sessions. Cookies are not used if you select Require user authentication. Selecting this option displays a dialog box to users requesting credentials when the plugin attempts to reconnect automatically. Use the Access Management Console to enable Require user authentication.
Note: For maximum protection of users’ credentials and sessions, use SSL encryption for all communication between clients and the server farm.
Configuring Auto Client Reconnect Settings. You can configure these Auto Client Reconnect settings.
• Require user authentication upon autoreconnection. You can set this requirement at the server farm level or for individual servers.
• Enable or disable logging of reconnection events for the server farm or individual servers.
• Enable or disable auto reconnect functionality on the client device using an ICA file or using Group Policy to configure Session reliability and automatic reconnection on client devices.
Use the Access Management Console or the Acrcfg command to require user authentication for automatic reconnection and reconnection event logging.
Reconnection event logging is disabled by default. For more information about the Acrcfg command, see “Citrix XenApp Commands Reference” on page 347.
Disable Auto Client Reconnect on the plugin for Windows by using the icaclient.adm file. For more information about plugin configuration, see the XenApp Plugin for Hosted Apps for Windows Administrator’s Guide.
Settings for connections also affect Auto Client Reconnect.
Configuring Connections for Automatic Client Reconnection. By default, Auto Client Reconnect is enabled at the server farm level; user reauthentication is not required. However, if a server’s ICA TCP connection is configured to reset sessions with a broken communication link, automatic reconnection does not occur. Auto Client Reconnect works only if the server disconnects sessions when there is a broken or timed out connection.
In this context, the ICA TCP connection refers to a XenApp’s virtual port (rather than an actual network connection) that is used for sessions on TCP/IP networks.
By default, the ICA TCP connection on a XenApp server is set to disconnect sessions with broken or timed out connections. Disconnected sessions remain intact in system memory and are available for reconnection by the plugin.
The connection can be configured to reset, or log off, sessions with broken or timed out connections. When a session is reset, attempting to reconnect initiates a new session; rather than restoring a user to the same place in the application in use, the application is restarted.
If XenApp is configured to reset sessions, Auto Client Reconnect creates a new session. This process requires users to enter their credentials to log on to the server.
Logging Automatic Client Reconnection Events. To enable or disable log entries for automatic reconnection events, open the ICA page in the Properties pages for the server farm or individual servers.
Logging is disabled by default. When logging is enabled, the server’s System log captures information about successful and failed automatic reconnection events to help with diagnosis of network problems.
Automatic reconnection can fail if the plugin submits incorrect authentication information, which might occur during an attack or the server determines that too much time has elapsed since it detected the broken connection.
Each server stores information about reconnection events in its own System log.
The server farm does not provide a combined log of reconnection events for all servers.
To configure a default Auto Client Reconnect setting for a farm
Follow this procedure to configure server reconnection settings to be used when connections between client devices and XenApp servers are broken.
1. Select the farm in the left pane.
2. From the Action menu, select Modify farm properties > Modify all properties.
3. From the Properties list, select Server Default > ICA > Auto Client Reconnect.
4. Choose one of these options:
• Require user authentication. Select this option if you want users to be prompted for credentials during automatic reconnection to an ICA session. Do not select this option if you want users to be
reauthenticated automatically during reconnection. Settings for automatic client reconnection override similar settings configured in Microsoft Windows Group Policy.
• Reconnect automatically (default setting). Select this option if you do not want users to be prompted for credentials. Selecting this option also allows reconnection attempts to be logged.
5. If you selected Reconnect automatically in the previous step, you can select the Log automatic reconnection attempts check box to record information about successful and failed automatic reconnection events to each server’s system log.
To configure an Auto Client Reconnect setting for a server
Follow this procedure to configure server reconnection settings to be used when connections between client devices and a XenApp server are broken.
1. Select the server in the left pane.
2. From the Action menu, select Modify server properties > Modify all properties.
3. From the Properties list, select ICA > Auto Client Reconnect.
4. If you want the server to use the default farm settings, select the Use farm settings check box; otherwise, follow Steps 4 and 5 in the “To configure a default Auto Client Reconnect setting for a farm” procedure.