Citrix online plug-in received a corrupt ICA File

imageI was testing a Script I wrote to launch a Citrix XenApp session using the Ica Client Object. Typical code to do this may look like this:

On my testmachine it ran nicely but on a customer machine the script failed with the error 2312 “The Citrix online plug-in received a corrupt ICA File. The ICA File has no [ApplicationServer] section“:

The Citrix online plug-in received a corrupt ICA File. The ICA File has no [ApplicationServer] section

I couldn’t find any errors in my script so I fired up Process Monitor and noticed that the Ica Client Object creates a temporary .ica file in the %temp% folder. When it tried to write to this file this fails because access is denied:

Process Monitor | ACCESS DENIED | temp folder | temporary ICA file

I Checked the temporary .ica file and it was empty (0 bytes). Then I used the Stack View option from Process Monitor on the first ACCESS DENIED event:

Process Monitor | Stack View

From the stack we can see that fltMgr.sys is the last to touch the file (stack is from bottom to top). fltMgr is the File System Filter Driver which makes it likely that the Virus Scanner is blocking access. So I checked the Anti Virus log, McAfee VirusScan in my case:


The text is in Dutch, it says: Blocked by the access rule: maximum Anti-Spyware: prevent script execution from the temp folder.

So McAfee considers the .ica a script since it’s created by the process cscript.exe.

Unfortunately the Ica Client Object doesn’t offer a method or property to change the folder where the temporary ica file is created. I decided to have look at Wfica.ocx with Ida Pro and noticed that the GetTempPath and GetTempFilename API’s are used to assemble the filepath.

In the remarks section of the GetTempPath documentation on MSDN states that it looks first to the %TMP% environment variable.

So we can easily workaround this issue by changing the %TMP% variable before we run our script:

Leave a Reply