Service continuity

Service continuity removes or minimizes dependence on the availability of components involved in the connection process. Users can launch their virtual apps and desktops regardless of the cloud services health status.

Service continuity allows users to connect to their virtual apps and desktops during outages, as long as the user device maintains a network connection to a resource location. Users can connect to virtual apps and desktops during outages in Citrix Cloud components or in public and private clouds. Users can connect directly to the resource location or through the Citrix Gateway service.

Service continuity improves the visual representation of published resources during outages by using Progressive Web Apps service worker technology to cache resources in the user interface.

Service continuity uses Workspace connection leases to allow users to access apps and desktops during outages. Workspace connection leases are long-lived authorization tokens. Workspace connection lease files are securely cached on the user device. When a user signs in to Citrix Workspace, Workspace connection lease files are saved to the user profile for each resource published to the user. Service continuity lets users access apps and desktops during an outage even if the user has never launched an app or desktop before. Workspace connection lease files are signed and encrypted and are associated with the user and the user device. When service continuity is enabled, a Workspace connection lease allows users to access apps and desktops for seven days by default. You can configure Workspace connection leases to allow access for up to 30 days.

When users exit Citrix Workspace app, Citrix Workspace app closes but the Workspace connection leases are retained. Users exit the Citrix Workspace app by right-clicking its icon in the system tray or by restarting the user device. You can configure service continuity to delete or retain Workspace connection leases when users sign out of Citrix Workspace during an outage. By default, Workspace connection leases are deleted from user devices when users sign out during an outage.

Service continuity is supported for double hop scenarios when Citrix Workspace app is installed on a virtual desktop.

Service continuity is supported for the Citrix Workspace app in native app only. Browser extensions that support service continuity are available in technical preview.

For an in-depth technical article about Citrix Cloud resiliency features, including service continuity, see Citrix Cloud Resiliency.

Note:

The deprecated Citrix Virtual Apps and Desktops feature called “connection leasing” resembles Workspace connection leases in that it improved connection resiliency during outages. Otherwise, that deprecated feature is unrelated to service continuity.

User device setup

To access resources during an outage, users must sign in to Citrix Workspace before the outage occurs. When you enable service continuity, users must perform the following steps on their devices:

  1. Download and install a supported version of Citrix Workspace app.

  2. Add the Workspace URL for your organization to Citrix Workspace app (for example, https://example.cloud.com).

  3. Sign in to Citrix Workspace.

User experience during an outage

When service continuity is enabled, the user experience during an outage varies depending on:

  • The type of outage.
  • Whether the Citrix Workspace app is configured with domain pass-through authentication.
  • Whether session sharing is enabled for the app or desktop the user connects to.

For some outages, users continue accessing their virtual apps and desktops with no change to their user experience.

Depending on how Citrix Workspace app and the VDAs are configured, during an outage the VDA might prompt users to enter their credentials into the Windows Logon user interface. If this prompt occurs, users enter their Active Directory (AD) credentials or smart card PIN to access the app or desktop. This step is required when user credentials are not passed through during outages. Before accessing an app or desktop, users must reauthenticate to the VDA.

Users can access resources without entering their AD credentials if:

  • Citrix Workspace app is configured with domain pass-through authentication. Users can access any available resource during a Citrix Workspace outage without entering their credentials. For information about configuring domain pass-through authentication for Citrix Workspace app for Windows, see Authenticate.
  • Session sharing is enabled. Users can access apps or desktops hosted on the same VDA after they provide their credentials for one resource on that VDA. Session sharing is configured for the application group containing the resource on the VDA. For information about configuring application groups, see Create application groups.

In all other configurations, users are prompted to reenter their AD credentials at the VDA before accessing resources.

During a Citrix Workspace outage, users see this message at the top of the Citrix Workspace home page: “Unable to connect to some of your resources. Some virtual apps and desktop may still be available.” Users see apps and desktops that they can connect to during the outage. If the app or desktop is not available, the icon appears dimmed. Citrix Workspace app home page showing service continuity outage message and apps

To access resources that are available during an outage, users select a resource icon that is not dimmed. If prompted, the user then reenters their AD credentials at the VDA before accessing resources.

During an outage in the identity provider for workspace authentication, users might not be able to sign in to Citrix Workspace through the Workspace sign-in page. Users must close the Workspace sign-in page by clicking the X in the upper-left corner. Citrix Workspace app sign-in page

Afterward, the Citrix Workspace home page appears. Users then access resources as they would during a Citrix Workspace outage.

Regardless of the type of outage, users can continue to access resources if they exit and relaunch Citrix Workspace app. Users can restart their user devices without losing access to resources.

In the default configuration of service continuity, users lose access to their resources if they sign out of Citrix Workspace. If you want users to retain access to their resources after signing out, specify that Workspace connection leases are retained when users sign out. See Configure service continuity.

Requirements and limitations

Site requirements

  • Supported in all editions of the Citrix Virtual Apps and Desktops service and Citrix Virtual Apps and Desktops Standard for Azure, when using Workspace Experience.

  • Not supported for Citrix Workspace with site aggregation to on-premises Virtual Apps and Desktops.

  • Not supported for on-premises Citrix Gateway.

User requirements

  • Citrix Workspace app 2106 for Windows, Citrix Workspace app 2106 for Mac, or Citrix Workspace app 2106 for Linux at a minimum.

Note:

The version of Citrix Workspace app for Linux available for use with service continuity is in technical preview.

For information on installing Citrix Workplace app for Linux, including information about installing the app for use with service continuity, see Citrix Workspace app for Linux.

  • Supported for the Citrix Workspace app in native app only. Not supported for Citrix Workspace app for Web.

  • Only one user per device is supported. Kiosk or “hot desk” user devices are not supported.

  • Browser extensions that support service continuity are available in technical preview. See Support for service continuity in browser (Technical Preview).

Supported workspace authentication methods

  • Active Directory
  • Active Directory plus token
  • Azure Active Directory
  • Okta
  • Citrix Gateway (primary user claim must be from AD)
  • SAML 2.0

Authentication limitations

  • Single sign-on with Citrix Federated Authentication Service (FAS) is not supported. Users enter their AD credentials into the Windows Logon user interface on the VDA.
  • Single sign-on to VDA is not supported.
  • Local mapped accounts are not supported.
  • VDAs joined to Azure AD are not supported. All VDAs must be joined to an AD domain.

Citrix Cloud Connector scale and size

  • 4 vCPU or more
  • 4 GB memory or more

Citrix Cloud Connector connectivity

Citrix Cloud Connector must be able to reach https://rootoftrust.apps.cloud.com. Configure your firewall to allow this connection. For information about the Cloud Connector firewall, see Cloud Connector Proxy and Firewall Configuration.

Connectivity optimization limitations

Advanced Endpoint Analysis (EPA) is not supported.

Enlightened Data Transport (EDT) is not supported during outages.

VDA requirements and limitations

  • VDA 7.15 LTSR or any current release that has not reached end of life are supported.
  • VDAs joined to Azure AD are not supported. All VDAs must be joined to an AD domain.
  • VDAs must be online for users to access VDA resources during an outage. VDA resources are not available when the VDA is affected by outages in:
    • AWS
    • Azure
    • Cloud Delivery Controller, unless Autoscale is enabled for the delivery group delivering the resource

Note:

If you are using Citrix Hypervisor or vSphere with Autoscale, then power management is available even during Cloud Delivery Controller outages.

  • VDA workloads supported during outages:
    • Hosted shared apps and desktops
    • Random non-persistent desktops (pooled VDI desktop) with power management
    • Static non-persistent desktops
    • Static persistent desktops, including Remote PC Access

    Note:

    Assign on first use is not support during outages.

For more information about available VDA functions during outages, see VDA management during outages.

App protection limitations

If app protection policies are enabled for an app or desktop, the icon for that app or desktop does not appear in the Citrix Workspace home page during outages. Users can’t access these resources during outages.

For more information about app protection policies, see App protection.

Unicode and ASCII user name requirements and limitations

Service continuity might not support all users who have Unicode user names on their Windows devices but ASCII user names for their Citrix Workspace account. If the Unicode user name contains Cyrillic or eastern Asian characters, Workspace connection leases fail to launch for these users.

Local keyboard mapping requirements and limitations

The Windows Logon user interface that prompts users to reauthenticate on the VDA does not support local keyboard language mapping. To allow users to reauthenticate during an outage if they have local keyboard language mapping on their devices, preload the keyboard layouts these users require.

Warning:

Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be solved. Use the Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Edit this registry key in the VDA image:

HKEY_USERS\.DEFAULT\Keyboard Layout\Preload

The corresponding language pack in the virtual desktop image must be installed.

For a list of keyboard identifiers associated with keyboard languages, see Keyboard Identifiers and Input Method Editors for Windows.

Configure resource location network connectivity for service continuity

You can configure your resource location to accept connections from outside or inside your LAN.

To configure for connections from outside your LAN:

  1. From the Citrix Cloud menu, go to Workspace Configuration > Access.
  2. Select Configure Connectivity.
  3. Select Gateway Service as your connectivity type.
  4. Click Save.

To configure for connections inside your LAN:

  1. From the Citrix Cloud menu, go to Workspace Configuration > Access.
  2. Select Configure Connectivity.
  3. Select Internal Only as your connectivity type.
  4. Click Save.

Configure your Citrix Cloud Connector and VDA firewalls to accept connections over Common Gateway Protocol (CGP) TCP port 2598. This configuration is the default setting.

Configure service continuity

To enable service continuity for your site:

  1. From the Citrix Cloud menu, go to Workspace Configuration > Service continutity.
  2. Set Connection leasing for the Workspace to Enable. Service continuity console page
  3. Set Connection lease period to the number of days a Workspace connection lease can be used to maintain a connection. The Workspace connection lease period applies to all Workspace connection leases through your site. The Workspace connection lease period starts the first time a user signs in to the Citrix Cloud Workspace store. Workspace connection leases are refreshed each time the user signs in, up to once a day. The Workspace connection lease period can be from one day to 30 days. The default is seven days.
  4. Click Save.

By default, Workspace connection leases are deleted from the user device if the user signs out of Citrix Workspace during an outage. If you want Workspace connection leases to remain on user devices after users sign out, use the following PowerShell command:

Set-BrokerSite -DeleteResourceLeasesOnLogOff $false

Note:

Workspace connection leases can’t be set to remain on user devices after users sign out for users connecting with Citrix Workspace app for Mac. Citrix Workspace for Mac is unable to read the value of the DeleteResourceLeaseOnLogOff property.

How service continuity works

If there is no outage, users access virtual apps and desktops using ICA files. Citrix Workspace generates a unique ICA file each time a user selects a virtual app or desktop icon. Each ICA file contains a Secure Ticket Authority (STA) ticket and a logon ticket that can be redeemed only once to gain authorized access to virtual resources. The tickets in each ICA file expire after about 90 seconds. After the ticket in an ICA file is used or expires, the user needs another ICA file from Citrix Workspace to access resources. When service continuity is not enabled, outages can prevent users from accessing resources if Citrix Workspace can’t generate an ICA file.

Citrix Workspace generates ICA files when users launch virtual apps and desktops regardless of whether service continuity is enabled. When service continuity is enabled, Citrix Workspace also generates the unique set of files that make up a Workspace connection lease. Unlike ICA files, Workspace connection lease files are generated when the user signs into Citrix Workspace, not when the user launches the resource. When a user signs in to Citrix Workspace, connection lease files are generated for every resource published to that user. Workspace connection leases contain information that gives the user access to virtual resources. If an outage prevents a user from signing in to Citrix Workspace or accessing resources using an ICA file, the Workspace connection lease gives the user authorized access to the resource.

How sessions launch during outages

When users click an icon for an app or desktop during an outage, the Citrix Workspace app finds the corresponding Workspace connection lease on the user device. Citrix Workspace app then opens a connection. If connectivity to the resource location that hosts the app or desktop is configured to accept connections from outside your LAN, a connection opens to Citrix Gateway service. If connectivity to the resource location that hosts the app or desktop is configured to accept connections from inside your LAN only, a connection opens to the Cloud Connector.

When the Citrix Cloud broker is online, the Cloud Connector uses the Citrix Cloud broker to resolve which VDA is available. When the Citrix Cloud broker is offline, the secondary broker for the Cloud Connector (also known as the High Availability service) listens for and processes connection requests.

Users who are connected when an outage occurs can continue working uninterrupted. Reconnections and new connections experience minimal connection delays. This functionality is similar to Local Host Cache, but does not require an on-premises StoreFront.

When a user launches a session during an outage, this window appears indicating that Workspace connection leases were used for the session launch:

Session launch progress window

After the user has finished signing into the session, these properties appear in the Workspace Connection Center:

Workspace Connection Center properties

The launch mode property provides information about the Workspace connection leases used to launch the session.

What makes it secure

All sensitive information in the Workspace connection lease files is encrypted with the AES-256 cipher. Workspace connection leases are bound to a public/private key pair uniquely associated with the specific client device and cannot be used on a different device. A built-in cryptographic mechanism enforces use of the unique key pair on each device.

Workspace connection leases are stored on the user device in AppData\Local\Citrix\SelfService\ConnectionLeases.

The security architecture of service continuity is built on public-key cryptography, similarly to a public key infrastructure (PKI), but without certificate chains and certificate authorities. Instead, all the components establish transitive trust by relying on a new Citrix Cloud service called the root of trust that acts like a certificate authority.

Block connection leases

If a user device is lost or stolen, or a user account is closed or compromised, you can block Workspace connection leases. When you block Workspace connection leases associated with a user, the user can’t connect to resources. Citrix Cloud no long generates or synchronizes Workspace connection leases for the user.

When you block Workspace connection leases associated with a user account, you block connections to that account on all devices associated with that account. You can block Workspace connection leases for a user or for all users in a user group.

To revoke Workspace connection leases for a single user or user group, use this PowerShell command:

Set-BrokerConnectionLeaseRevocationDate -Name username -LeaseRevocationDays Days

Replace username with the user associated with the account you want to block from connecting. Replace username with a user group to block connection from all accounts in the user group. Replace Days with the number of days connections are blocked.

For example, to block connections for xd.local/user1 for the next 7 days, type:

Set-BrokerConnectionLeaseRevocationDate -Name xd.local/user1 -LeaseRevocationDays 7

To view the time period for which Workspace connection leases are revoked, use this PowerShell command:

Get-BrokerConnectionLeaseRevocationDate -Name username

Replace username with the user or user group you want to view the time period for.

For example, to view the time period for which Workspace connection leases are revoked for xd.local/user1, type:

Get-BrokerConnectionLeaseRevocationDate -Name xd.local/user2

This information appears:

FullName                        :
Name                            : XD\user2
UPN                             :
Sid                             : S-1-5-21-nnnnnn
LeaseRevocationDays             : 2
LeaseRevocationDateTimeInUtc    : 2020-12-17T17:34:25Z
LastUpdateDateTimeInUtc         : 2020-12-19T17:34:25Z

From this output you can see that user xd.local/user2 has Workspace connection leases revoked for two days, from December 17, 2020, through December 19, 2020, at 17:34:25 UTC on each day.

To allow a user account that has Workspace connection leases revoked to receive connection again, remove the block using this PowerShell command:

Remove-BrokerConnectionLeaseRevocationDate -Name username

Replace username with the blocked user or user group you want to receive connection. To allow all blocked user account to receive connections, omit the Name option.

Double hop scenarios

Service continuity can allow users to access resources during outages in double hop scenarios. In a double hop scenario, a physical user device connects to a virtual desktop that has Citrix Workspace app installed. The virtual desktop then connects to another virtual resource.

Service continuity can allow users to access virtual resources during an outage if the user is signed in to Citrix Workspace before the outage occurs, regardless of the type of virtual desktop in the double hop scenario. If the virtual desktop retains user changes, service continuity can also provide access to virtual resources during outages that occur while the user is not signed in.

Service continuity treats the physical user device and the virtual device in a double hop scenario as individual client endpoints. Each device has its own set of Workspace connection leases. When a user signs in to Citrix Workspace on a physical device, Workspace connection lease files are downloaded and saved to the user profile on the physical device. The user then accesses a virtual desktop and signs in to Citrix Workspace on the virtual desktop. At this point, a different set of Workspace connection leases is downloaded and saved the user profile on the virtual desktop. Workspace connection lease files are associated with the device they are download to. Workspace connection lease files can’t be copied to another device and reused, even by the same user. For this reason, service continuity can’t provide access to resources during outages that occur after the session ends if the virtual desktop discards changes made during a user session. For this type of virtual desktop, Workspace connection leases are among the changes discarded.

Here’s how service continuity works in double hop scenarios with each type of supported virtual desktop.

For double hops that include… Service continuity can provide access to virtual resources during outages…
Hosted shared desktops If the outage occurs while the user is signed in to the virtual desktop.
Random non-persistent desktops (pooled VDI desktop) If the outage occurs while the user is signed in to the virtual desktop.
Static non-persistent desktops If the virtual desktop has not restarted since the user last logged in.
Static persistent desktops Anytime an outage occurs.

VDA management during outages

Service continuity uses the Local Host Cache function within the Citrix Cloud Connector. Local Host Cache allows connection brokering to continue on a site when the connection between the Cloud Delivery Controller and the Cloud Connector fails. Because service continuity relies on Local Host Cache, it shares some limitations with Local Host Cache.

Note:

Although service continuity uses Local Host Cache within the Cloud Connector, unlike Local Host Cache, service continuity is not supported with on-premises StoreFront.

Power management of VDAs during outages

If your site uses Citrix Hypervisor or vSphere, Citrix Host Service can provide hypervisor credentials to Cloud Connector. If your site uses any other hypervisor, such as VMs stored in Azure, Citrix Host Service can’t provide hypervisor credentials to the Cloud Connector. This means:

  • If your site uses Citrix Hypervisor or vSphere: The Cloud Connector can perform power management operations, including the Pooled VDI case, during an outage.
  • If your site uses any other hypervisor: During an outage, all machines are in the unknown power state and no power operations can be issued. However, VMs on the host that are powered-on can be used for connection requests.

By default, power-managed desktop VDAs in pooled delivery groups that have the ShutdownDesktopsAfterUse property enabled are placed into maintenance mode when an outage in the Citrix-managed broker occurs. You can change this setting to allow those desktops to be used during an outage. However, power management is only available during an outage if you are using Autoscale with Citrix Hypervisor or vSphere. If those desktops are used during on outage, they might contain data from the previous user because they have not been restarted.

Power management resumes when normal operations resume after an outage.

Machine assignment and automatic enrollment

An assigned machine can be used only if the assignment occurred during normal operations. New assignments cannot be made during an outage.

Automatic enrollment and configuration of Remote PC Access machines is not possible. However, machines that were enrolled and configured during normal operation are usable.

VDA resources in different zones

Server-hosted applications and desktop users might use more sessions than their configured session limits, if the resources are in different zones.

Unlike Local Host Cache, service continuity can launch applications and desktops from registered VDAs in different zones, as long as the resource is published in more than one zone. Citrix Workspace app might take longer to find a healthy zone as it cycles sequentially through all the zones in the Workspace connection lease.

Monitoring and troubleshooting

Service continuity performs two main actions:

  • Download Workspace connection leases to the user device. Workspace connection leases are generated and synced with the Citrix Workspace app.
  • Launch virtual desktops and apps using Workspace connection leases.

Troubleshooting downloading Workspace connection leases

You can view Workspace connection leases at this location on the user device.

On Windows devices:

C:\Users\Username\AppData\Local\Citrix\SelfService\ConnectionLeases\Store GUID\User GUID\leases

Username is the user name.

Store GUID is the global unique identifier of the Workspace store.

User GUID is the global unique identifier of the user.

On Mac devices:

$HOME/Library/Application Support/Citrix Receiver/CLSyncRoot

For example, open /Users/luca/Library/Application Support/Citrix Receiver/CLSyncRoot

On Linux:

$HOME/.ICAClient/cache/ConnectionLease

For example, open /home/user1/.ICAClient/cache/ConnectionLease

Note:

The version of Citrix Workspace app for Linux available for use with service continuity is in technical preview.

Workspace connection leases are generated when the Citrix Workspace app connects to the Workspace store. View registry key values on the user device to determine whether the Citrix Workplace app has successfully contacted the Workspace connection lease service in Citrix Cloud.

Open regedit on the user device and view this key:

HKCU\Software\Citrix\Dazzle\Sites\store-xxxx

If these values appear in the registry key, the Citrix Workspace app contacted or attempted to contact the Workspace connection lease service:

  • leaseLastCallHomeTime
  • leaseLastSyncStatus

If the Citrix Workspace app tried unsuccessfully to contact the Workspace connection lease service, leaseLastCallHomeTime shows an error with an invalid time stamp:

leaseLastCallHomeTime REG_SZ 1/1/0001 12:00:00 AM

If leaseLastCallHomeTime is uninitialized, the Citrix Workspace app never attempted to contact the Workspace connection lease service. To resolve this issue, remove the account from the Citrix Workspace app and add it again.

Citrix Workspace app error codes for Workspace connection leases

When a service continuity error occurs on the user device, an error code appears in the error message. Common errors include:

Error code Description
3000 No connection lease files present
3002 Connection lease cannot be read or found
3003 No resource location found
3004 Connection details missing in the leases
3005 ICA file is empty
3006 Connection lease expired. Log back into Workspace.
3007 Connection lease is invalid
3008 Connection lease validation result: empty
3009 Connection lease validation result: invalid
3010 Parameter missing
3020 Connection lease validation failed
3021 No resource location found where the app is published
3022 Connection lease validation result: deny
3023 Citrix Workspace app timed out

Support for service continuity in browser (Technical Preview)

Note:

This feature is currently in Technical Preview. This feature is available to all customers. Sign-up is not required. Citrix recommends using this feature only in non-production environments.

Extensions for Google Chrome and Microsoft Edge make service continuity available to Windows users who access their apps and desktops using those browsers. The extensions are called Citrix Workspace Web extension and are available at the Chrome web store and the Microsoft Edge Add-on website.

These browser extensions require a native Citrix Workspace app on the user device to support service continuity. This technical preview requires Citrix Workspace app 2106 for Windows.

When a user signs into the native Citrix Workspace app for the first time, service continuity downloads Workspace connection leases to the user device. On Windows devices, connection leases are stored in C:\Users\Username\AppData\Local\Citrix\SelfService\ConnectionLeases\Store GUID\User GUID\leases.

Note:

Downloading Workspace connection leases might take up to 15 minutes for first-time sign-in.

The native Workspace app communicates with the Citrix Workspace Web extension using the native messaging host protocol for browser extensions. Together, the native Workspace app and the Workspace Web extension use Workspace connection leases to give browser users access to their apps and desktops during outages.

User device setup for browser users

To use service continuity in a browser, users must perform the following steps on their devices:

  1. Download and install a supported version of Citrix Workspace app. This technical preview requires Citrix Workspace app 2106 for Windows.

  2. Download and install the Citrix Workspace Web extension for Chrome or Edge.

Browser user experience

When users click their apps or desktops, the app or desktop opens without users being prompted to open the Citrix Workspace launcher.

Browser user experience during outages

Users can access their apps and desktops from a browser during outages, as long as the user device maintains a network connection to a resource location.

If an outage occurs while the user is logged in to Workspace through a browser, this message appears near the top of the browser window:

Workspace browser page with outage banner

Users can access apps and desktops that are available offline by clicking any icon that is not dimmed. Users can also try to get back online by clicking Reconnect to Workspace.

When an outage prevents users from logging in to Workspace through a browser, the user is prompted work offline or try logging in again. To access available apps and desktops offline, users click Use Workspace Offline.

Browser retry window

If an outage prevents users from logging in to the Workspace after navigating to the Workspace URL, the window appears after a specified timeout interval. By default, the window appears 30 seconds after the user navigates to the Workspace URL. You can set this value to 15, 30, 45 or 60 seconds. You can also disable the login timeout. If the login timeout is disabled, the window prompting users to work offline appears as soon as the user navigates to the Workspace URL.

To configure the login timeout setting, click the extension icon in the browser on the user device. Use the window appears to enable or disable login timeout and set the timeout duration:

Browser extension config window

If the browser has been redirected to a third-party identity provider authentication site but an outage prevents the user from logging in, the user can type the Workspace URL into the browser. Returning to the Workspace URL causes the window prompting users to work offline to appear. In this case, the user does not have to wait through the login timeout interval for the window to appears.

Users can also access apps and desktops available during an outage this way:

  1. Click the extension icon in the browser.

  2. In the window that appears, click the button under Work Offline. This button says Go to and then the name of your Workspace store.

  3. In the window that appears, click Use Workspace Offline.

During some outages, the window prompting users to work offline appears automatically when the extension detects server issues. The user does not have to take any action or wait through the login timeout interval.

Browser limitations

Unless the user enables the extension to work in incognito mode, service continuity is not supported in incognito mode.

Troubleshooting for browser users

Ensure that the extension icon in the browser appears green.

To download logs, click the extension icon in the browser. Then click Download Logs.

In the Advanced menu of the Citrix Workspace browser app account settings, ensure the current method for app and desktop launch preference is set to Use Citix Workspace App. If this option is set to Use Web Browser, service continuity is not supported in the browser.