On July 25, 2017, Adobe announced End of Life (EOL) for Flash. Adobe plans to stop updating and distributing the Flash Player at the end of 2020.
Microsoft announced that they are phasing out Flash support in Internet Explorer before the Adobe date. They are removing Flash from Windows by the end of 2020. When that happens, users can no longer enable or run Flash in Internet Explorer.
Citrix aligns with Microsoft policy and continues to maintain and support HDX Flash Redirection until the end of 2020. We haven't decided in which versions of XenApp and XenDesktop to exclude the Flash Redirection code, but we recommend that you switch to HTML5 Video Redirection whenever possible. HTML5 Video Redirection is ideal to control the multimedia content. For example, corporate communications videos, training videos, or when a third party hosts the content.
For more information about HTML5 Video Redirection, see HTML5 multimedia redirection.
Caution: Flash Redirection involves significant interaction between the user device and server components. Use this feature only in environments where security separation between the user device and server is not required. Additionally, configure user devices to use this feature only with trusted servers. Because Flash Redirection requires the Adobe Flash Player to be installed on the user device, enable this feature only if the Flash Player itself is secured.
Flash Redirection is supported on both clients and servers. If the client supports second generation Flash Redirection, Flash content renders on the client. Flash Redirection features include support for user connections over WAN, intelligent fallback, and a URL compatibility list; see below for details.
For the latest updates to HDX Flash compatibility, see CTX136588.
Install Citrix Receiver and Adobe Flash Player on the user device. No further configuration is required on the user device.
The policy settings appear under Administrative Templates > Classic Administrative Templates (ADM) > HDX MediaStream Flash Redirection - Client. See the Microsoft Active Directory documentation for details about GPOs and templates.
Change when Flash Redirection is used
Together with server-side settings, the Enable HDX MediaStream Flash Redirection on the user device policy setting controls whether Adobe Flash content is redirected to the user device for local rendering. By default, Flash Redirection is enabled and uses intelligent network detection to determine when to play Flash content on the user device.
If no configuration is set and Desktop Lock is used, Flash Redirection is enabled on the user device by default.
The following illustration indicates how Flash Redirection is handled for various network types.
Users can override intelligent network detection from the Citrix Receiver - Desktop Viewer Preferences dialog box by selecting Optimize or Don't Optimize in the Flash tab. The choices available vary depending on how Flash Redirection is configured on the user device, as shown in the following illustration.
Synchronize client-side HTTP cookies with the server-side
Enable server-side content fetching
By default, Flash Redirection downloads Adobe Flash content directly to the user device, where it is played. Enabling server-side content fetching causes the Flash content to download to the server and then be sent to the user device. Unless there is an overriding policy (such as a site blocked with the Flash URL compatibility list policy setting), the Flash content plays on the user device.
Server-side content fetching is frequently used when the user device connects to internal sites through NetScaler Gateway and when the user device does not have direct access to the Internet.
Flash Redirection supports three enabling options for server-side content fetching. Two of these options include the ability to cache server-side content on the user device, which improves performance because content that is reused is already available on the user device for rendering. The contents of this cache are stored separately from other HTTP content cached on the user device.
Fallback to server-side content fetching begins automatically when any of the enabling options is selected and client-side fetching of .swf files fails.
|Disabled||Disables server-side content fetching, overriding the Flash server-side content fetching URL list setting on the server. Server-side content fetching fallback is also disabled.|
|Enabled||Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available, but Flash content is not cached.|
|Enabled (persistent caching)||Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and stored from session to session.|
|Enabled (temporary caching)||Enables server-side content fetching for web pages and Flash applications identified in the Flash server-side content fetching URL list. Server-side content fetching fallback is available. Content obtained through server-side fetching is cached on the user device and deleted at the end of the session.|
Redirect user devices to other servers for client-side content fetching
To redirect an attempt to obtain Flash content, use the URL rewriting rules for client-side content fetching setting, which is a second generation Flash Redirection feature. When configuring this feature, you provide two URL patterns; when the user device attempts to fetch content from a website matching the first pattern (the URL match pattern), it is redirected to the website specified by the second pattern (the rewritten URL format).
Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
You can add registry settings to specify the minimum version required for Flash redirection for client devices accessing VDAs using Citrix Receiver for Windows or Citrix Receiver for Linux. This security feature ensures that an outdated Flash version is not used.
ServerFlashPlayerVersionMinimum is a string value that specifies the minimum version of the Flash Player required on the ICA Server (VDA).
ClientFlashPlayerVersionMinimum is a string value that specifies the minimum version of the Flash Player required on the ICA Client (Citrix Receiver).
These version strings can be specified as "10" or "10.2" or "10.2.140". Only the major, minor and build numbers will be compared. The revision number will be ignored. For example, for a version string specified as "10" with only the major number specified, the minor and build numbers will be assumed to be zero.
FlashPlayerVersionComparisonMask is a DWORD value that when set to zero will disable comparing the version of the Flash Player on the ICA Client against the Flash Player on the ICA Server. The comparison mask has other values, but these should not be used because the meaning of any non-zero mask may change. It is recommended to only set the comparison mask to zero for the desired clients. It is not recommended to set the comparison mask under the client agnostic settings. If a comparison mask is not specified, Flash redirection will require that the ICA Client has a Flash Player with greater or equal version to the Flash Player on the ICA Server. It will do so by comparing only the major version number of the Flash Player.
In order for redirection to occur the client and server minimum checks need to be successful in addition to the check using the comparison mask.
The subkey ClientID0x51 specifies Citrix Receiver for Linux. The subkey ClientID0x1 specifies Citrix Receiver for Windows. This subkey is named by appending the hexadecimal Client Product ID (without any leading zeros) to the string "ClientID".
32-bit VDA example registry configuration
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer] Client agnostic settings
"ClientFlashPlayerVersionMinimum"="13.0" Minimum version required for the ICA client "ServerFlashPlayerVersionMinimum"="13.0" Minimum version required for the ICA server [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x1] Windows ICA Client settings
"ClientFlashPlayerVersionMinimum"="16.0.0" This specifies the minimum version of the Flash Player required for the Windows client [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\HdxMediaStreamForFlash\Server\PseudoServer\ClientID0x51] Linux ICA Client settings
"FlashPlayerVersionComparisonMask"=dword:00000000 This disables the version comparison-check for the linux client (checking to see that the client has a more recent Flash Player than the server) "ClientFlashPlayerVersionMinimum"="11.2.0" This specifies the minimum version of the Flash Player for the Linux client.
64-bit VDA example registry configuration